Lucene search

Kaspersky LabKLA51006

HistoryJul 18, 2023 - 12:00 a.m.

KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM

2023-07-1800:00:00

Kaspersky Lab

threats.kaspersky.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.8%

JSON

Detect date:

07/18/2023

Severity:

High

Description:

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information.

Affected products:

Oracle GraalVM Enterprise Edition 20.3.10, 21.3.6, 22.3.2

Solution:

Update to the latest version
Download Java

Original advisories:

Oracle Critical Patch Update Advisory – July 2023

Impacts:

ACE

Related products:

Oracle Java JRE 1.7.x

CVE-IDS:

CVE-2023-251937.5Critical
CVE-2023-220063.1Warning
CVE-2023-220415.1High
CVE-2023-220443.7Warning
CVE-2023-220435.9High
CVE-2023-220493.7Warning
CVE-2023-220453.7Warning
CVE-2023-220363.7Warning

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22043

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/

www.oracle.com/java/

www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for KLA51006