Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2151
HistoryApr 11, 2023 - 2:18 p.m.

Advisory ROSA-SA-2023-2151

2023-04-1114:18:24
ROSA LAB
abf.rosalinux.ru
15
java-11-openjdk
rosa-server79
vulnerability fix
network access
unauthorized access
oracle java se
graalvm enterprise edition
http
https
kerberos

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79

package_evr_string: 11.0.18.0.10-1

CVE-ID: CVE-2022-39399
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks against this vulnerability could result in unauthorized update, insertion, or removal of access to some available Oracle Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close it

CVE-ID: CVE-2022-21628
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close.

CVE-ID: CVE-2022-21624
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in unauthorized update, insertion, or removal of access to some available Oracle Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close it

CVE-ID: CVE-2022-21626
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close.

CVE-ID: CVE-2022-21619
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in unauthorized update, insertion, or removal of access to some available Oracle Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close it

CVE-ID: CVE-2022-21618
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: An easily exploitable vulnerability allows an unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in unauthorized update, insertion, or removal of access to some available Oracle Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close it

CVE-ID: CVE-2023-21843
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in unauthorized update, insertion, or removal of access to some available Oracle Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Fixed
CVE-REV: Run the yum update java-11-openjdk command to close it

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%