Rewterz
Rewterz Threat Advisory – Multiple Oracle Java SE Vulnerabilities
July 25, 2023


Severity

Low

Analysis Summary

CVE-2023-22043 CVSS:5.9

A vulnerability in Oracle Java SE related to the JavaFX component could allow a remote authenticated attacker to cause high integrity impacts.

CVE-2023-22041 CVSS:5.1

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Hotspot component, could allow a local attacker to cause high confidentiality impacts.

CVE-2023-22051 CVSS:3.7

A vulnerability in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK, related to the GraalVM Compiler component, could allow a remote attacker to cause low confidentiality impacts.

CVE-2023-22044 CVSS:3.7

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Hotspot component, could allow a remote attacker to cause low confidentiality impacts.

CVE-2023-22045 CVSS:3.7

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Hotspot component, could allow a remote attacker to cause low confidentiality impacts.

CVE-2023-22049 CVSS:3.7

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Libraries component, could allow a remote attacker to cause low integrity impacts.

CVE-2023-22036 CVSS:3.7

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Utility component, could allow a remote attacker to cause low availability impacts.

CVE-2023-22006 CVSS:3.1

A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK, related to the Networking component, could allow a remote attacker to cause low integrity impacts.

Impact

  • Information Disclosure
  • Data Manipulation

Indicators Of Compromise

CVE

  • CVE-2023-22043
  • CVE-2023-22041
  • CVE-2023-22051
  • CVE-2023-22044
  • CVE-2023-22045
  • CVE-2023-22049
  • CVE-2023-22036
  • CVE-2023-22006

Affected Vendors

Oracle

Affected Products

  • Oracle Java SE 8u371
  • Oracle GraalVM for JDK 17.0.7
  • Oracle GraalVM for JDK 20.0.1
  • Oracle Java SE 11.0.19
  • Oracle Java SE 17.0.7
  • Oracle Java SE 20.0.1
  • Oracle GraalVM Enterprise Edition 20.3.10
  • Oracle GraalVM Enterprise Edition 21.3.6
  • Oracle GraalVM Enterprise Edition 22.3.2
  • Oracle Java SE 8u371-perf

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.

Oracle Critical Patch Update Advisory