Oracle OpenJDK Vulnerability (CVE-2023-22067)

2023-10-1900:00:00

plugins.openvas.org

oracle openjdk

vulnerability

cve-2023-22067

unauthorized access

corba

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Oracle OpenJDK is prone to a vulnerability in the
other-libs/corba component.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:openjdk";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100232");
  script_version("2024-01-18T05:07:09+0000");
  script_tag(name:"last_modification", value:"2024-01-18 05:07:09 +0000 (Thu, 18 Jan 2024)");
  script_tag(name:"creation_date", value:"2023-10-19 08:57:35 +0000 (Thu, 19 Oct 2023)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-18 01:28:00 +0000 (Wed, 18 Oct 2023)");

  script_cve_id("CVE-2023-22067");

  script_tag(name:"qod_type", value:"executable_version_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Oracle OpenJDK Vulnerability (CVE-2023-22067)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_openjdk_detect.nasl");
  script_mandatory_keys("openjdk/detected");

  script_tag(name:"summary", value:"Oracle OpenJDK is prone to a vulnerability in the
  other-libs/corba component.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Easily exploitable vulnerability allows unauthenticated attacker
  with network access via CORBA to compromise Oracle Java SE. Successful attacks of this
  vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE
  accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the
  specified Component without using Untrusted Java Web Start applications or Untrusted Java applets,
  such as through a web service.");

  script_tag(name:"affected", value:"Oracle OpenJDK versions 8 (1.8.0).");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");

  script_xref(name:"URL", value:"https://openjdk.org/groups/vulnerability/advisories/2023-10-17");
  script_xref(name:"URL", value:"https://mail.openjdk.org/pipermail/vuln-announce/2023-October/000021.html");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "1.8.0", test_version2: "1.8.0.382")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.8.0.392 (8u392)", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);