
Advisory ROSA-SA-2023-2312

Published: 2023-12-19 11:53:39
Source: ROSA LAB (abf.rosalinux.ru)
Tags: java-1.8.0-openjdk, rosa-server79, vulnerability, input processing, remote access, sensitive information, insufficient validation, data integrity, certificate authentication, denial of service, resource release errors

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.2 High
Confidence: Low

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 53.4%

Software: java-1.8.0-openjdk 1.8.0.392.b08
OS: rosa-server79

package_evr_string: java-1.8.0-openjdk-1.8.0.392.b08-2.res7

CVE-ID: CVE-2023-22045
BDU-ID: 2023-04350
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines involves errors in input processing. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2023-22049
BDU-ID: 2023-03983
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-1.8.0-openjdk command to close it

CVE-ID: CVE-2023-22067
BDU-ID: 2023-06980
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the CORBA component of Oracle Java SE software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2022-21271
BDU-ID: 2022-02000
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE software platform, Oracle GraalVM Enterprise Edition virtual machine, and Oracle Solaris operating system is related to resource release errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2022-21293
BDU-ID: 2022-01986
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2023-22081
BDU-ID: 2023-07023
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the JSSE component of the Java SE software platform and Oracle GraalVM for JDK virtual machine is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-1.8.0-openjdk command to close.

CVE-ID: CVE-2023-22043
BDU-ID: 2023-04260
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the JavaFX component of Oracle Java SE software platforms is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-1.8.0-openjdk command to close it.

CVE-ID: CVE-2020-14781
BDU-ID: 2020-05049
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the JNDI component of the Java SE and Java SE Embedded software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2020-14782
BDU-ID: 2020-05048
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Libraries component of the Java SE and Java SE Embedded software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command

CVE-ID: CVE-2020-14797
BDU-ID: 2020-05050
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the Libraries component of the Java SE and Java SE Embedded software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-1.8.0-openjdk command
