CVE-2023-22051 : Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK p

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published 2023-07-18 21:15:15

Updated 2023-07-27 19:49:03

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2023-22051

Oracle » Graalvm » Version: 21.3.6 Enterprise Edition
cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Graalvm » Version: 22.3.2 Enterprise Edition
cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Graalvm For Jdk » Version: 17.0.7
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*
Matching versions
Oracle » Graalvm For Jdk » Version: 20.0.1
cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-22051

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-22051

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N	2.2	1.4	Oracle
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2023-22051

https://www.oracle.com/security-alerts/cpujul2023.html

Oracle Critical Patch Update Advisory - July 2023
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-22051

Products affected by CVE-2023-22051

Exploit prediction scoring system (EPSS) score for CVE-2023-22051

CVSS scores for CVE-2023-22051

References for CVE-2023-22051