Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310833834
HistoryMar 04, 2024 - 12:00 a.m.

openSUSE: Security Advisory for java (SUSE-SU-2023:3442-1)

2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
9
security
advisory
java
update
version
jdk8u382
fixes
cve-2023-22045
cve-2023-22049
opensuse leap 15.4
opensuse leap 15.5

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

28.0%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833834");
  script_version("2024-05-16T05:05:35+0000");
  script_cve_id("CVE-2023-22045", "CVE-2023-22049");
  script_tag(name:"cvss_base", value:"2.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-07-18 21:15:14 +0000 (Tue, 18 Jul 2023)");
  script_tag(name:"creation_date", value:"2024-03-04 07:16:51 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for java (SUSE-SU-2023:3442-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeap15\.5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3442-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/ZBAQWUQYURGBFDAFAD4TTRXFAY55WHTK");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'java'
  package(s) announced via the SUSE-SU-2023:3442-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for java-1_8_0-openjdk fixes the following issues:

  Update to version jdk8u382 (icedtea-3.28.0):

  * CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows
      unauthenticated attacker with network access via multiple protocols to
      compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM
      for JDK (bsc#1213481).

  * CVE-2023-22049: Fixed a difficult to exploit vulnerability that allows
      unauthenticated attacker with network access via multiple protocols to
      compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM
      for JDK (bsc#1213482).

  ##");

  script_tag(name:"affected", value:"'java' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.4") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-src", rpm:"java-1_8_0-openjdk-src~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-accessibility", rpm:"java-1_8_0-openjdk-accessibility~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-javadoc", rpm:"java-1_8_0-openjdk-javadoc~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-src", rpm:"java-1_8_0-openjdk-src~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-accessibility", rpm:"java-1_8_0-openjdk-accessibility~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-javadoc", rpm:"java-1_8_0-openjdk-javadoc~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "openSUSELeap15.5") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-src", rpm:"java-1_8_0-openjdk-src~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-accessibility", rpm:"java-1_8_0-openjdk-accessibility~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-javadoc", rpm:"java-1_8_0-openjdk-javadoc~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-src", rpm:"java-1_8_0-openjdk-src~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-accessibility", rpm:"java-1_8_0-openjdk-accessibility~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-javadoc", rpm:"java-1_8_0-openjdk-javadoc~1.8.0.382~150000.3.82.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 12
nessus 56
oraclelinux 8
ibm 52
redhat 26
osv 14
rocky 2
almalinux 5
cloudlinux 1
ubuntucve 2
debiancve 2
veracode 2
cvelist 2
cve 2
prion 2
alpinelinux 2
redhatcve 2
nvd 2
f5 1
debian 1
amazon 1
ubuntu 1
aix 1
openvas
openvas
Oracle Java SE Security Update (jul2023) 05 - Windows
2023-07-19 00:00:00
openSUSE: Security Advisory for java (SUSE-SU-2023:3332-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2023-3130)
2023-11-09 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:3442-1)
2023-08-30 00:00:00
CentOS 7 : java-1.8.0-openjdk (RHSA-2023:4166)
2023-12-22 00:00:00
RHEL 9 : java-1.8.0-openjdk (RHSA-2023:4174)
2023-07-20 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security and bug fix update
2023-07-26 00:00:00
java-1.8.0-openjdk security and bug fix update
2023-07-26 00:00:00
java-1.8.0-openjdk security and bug fix update
2023-07-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-22045, CVE-2023-22049)
2024-02-14 07:58:42
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities
2024-07-15 20:01:01
Security Bulletin: Unspecified Vulnerability in IBM Java SDK affect Cloud Pak System [CVE-2023-22045, CVE-2023-22049]
2024-07-31 22:29:45
redhat
redhat
(RHSA-2023:4209) Moderate: OpenJDK 8u382 Security Update for Portable Linux Builds
2023-07-20 11:47:03
(RHSA-2023:4174) Moderate: java-1.8.0-openjdk security update
2023-07-19 16:35:47
(RHSA-2023:4176) Moderate: java-1.8.0-openjdk security and bug fix update
2023-07-20 11:23:47
osv
osv
Moderate: java-1.8.0-openjdk security and bug fix update
2023-08-08 12:34:57
Moderate: java-1.8.0-openjdk security and bug fix update
2023-07-20 00:00:00
java-1_8_0-openjdk-1.8.0.382-1.1 on GA media
2024-06-15 00:00:00
rocky
rocky
java-1.8.0-openjdk security and bug fix update
2023-08-08 12:34:57
java-1.8.0-openjdk security and bug fix update
2023-08-08 12:34:39
almalinux
almalinux
Moderate: java-1.8.0-openjdk security and bug fix update
2023-07-20 00:00:00
Moderate: java-1.8.0-openjdk security and bug fix update
2023-07-20 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
cloudlinux
cloudlinux
java-1.8.0-openjdk: Fix of 2 CVEs
2023-08-03 16:57:30
ubuntucve
ubuntucve
CVE-2023-22045
2023-07-18 00:00:00
CVE-2023-22049
2023-07-18 00:00:00
debiancve
debiancve
CVE-2023-22045
2023-07-18 21:15:14
CVE-2023-22049
2023-07-18 21:15:14
veracode
veracode
Information Disclosure
2023-10-02 19:13:46
Improper Input Validation
2023-10-02 19:13:50
cvelist
cvelist
CVE-2023-22045
2023-07-18 20:18:28
CVE-2023-22049
2023-07-18 20:18:32
cve
cve
CVE-2023-22045
2023-07-18 21:15:14
CVE-2023-22049
2023-07-18 21:15:14
prion
prion
Buffer overflow
2023-07-18 21:15:00
Buffer overflow
2023-07-18 21:15:00
alpinelinux
alpinelinux
CVE-2023-22049
2023-07-18 21:15:14
CVE-2023-22045
2023-07-18 21:15:14
redhatcve
redhatcve
CVE-2023-22049
2023-07-19 13:43:57
CVE-2023-22045
2023-07-19 13:43:53
nvd
nvd
CVE-2023-22045
2023-07-18 21:15:14
CVE-2023-22049
2023-07-18 21:15:14
f5
f5
K000135637 : Java vulnerability CVE-2023-22049
2023-07-27 00:00:00
debian
debian
[SECURITY] [DSA 5458-1] openjdk-17 security update
2023-07-25 18:52:56
amazon
amazon
Medium: java-1.8.0-openjdk
2023-08-03 18:10:00
ubuntu
ubuntu
OpenJDK 20 vulnerabilities
2023-08-03 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2023-08-31 12:31:07

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

28.0%

JSON
Related for OPENVAS:1361412562310833834
openvas12nessus56oraclelinux8ibm52redhat26osv14rocky2almalinux5cloudlinux1ubuntucve2debiancve2veracode2cvelist2cve2prion2alpinelinux2redhatcve2nvd2f51debian1amazon1ubuntu1aix1