Vulnerability Name:

CVE-2023-21830 (CCN-245038)

Assigned: 2022-12-17
Published: 2023-01-17
Updated: 2023-07-21
Summary: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences: Unknown
References:
Source: MITRE
Type: CNA
CVE-2023-21830

Source: XF
Type: UNKNOWN
oracle-cpujan2023-cve202321830(245038)

Source: CCN
Type: IBM Security Bulletin 6955873 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 6959651 (Rational Functional Tester)
A vulnerability in Open JDK affecting Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6959891 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container Designer Authoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]

Source: CCN
Type: IBM Security Bulletin 6960739 (Spectrum Copy Data Management)
Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)

Source: CCN
Type: IBM Security Bulletin 6965846 (Robotic Process Automation)
Multiple vulnerabilities in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)

Source: CCN
Type: IBM Security Bulletin 6967213 (Java)
Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Source: CCN
Type: IBM Security Bulletin 6980375 (WebSphere Application Server)
Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2023 CPU plus deferred CVE-2022-21426

Source: CCN
Type: IBM Security Bulletin 6980889 (PureData System for Operational Analytics)
Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU -April 2022 to January 2023 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6985311 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6985649 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6986249 (Decision Optimization for Cloud Pak for Data)
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304)

Source: CCN
Type: IBM Security Bulletin 6987143 (Sterling Secure Proxy)
IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 6987177 (Sterling External Authentication Server)
IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 6987815 (Business Automation Workflow)
Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Source: CCN
Type: IBM Security Bulletin 6988347 (InfoSphere Information Server)
Multiple vulnerabilities in IBM Java SDK (January 2023) affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6988351 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6991667 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Source: CCN
Type: IBM Security Bulletin 6995185 (WebSphere Service Registry and Repository)
Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to October 2022 CPU and January 2023 CPU plus deferred CVE-2022-21426 and CVE-2022-3676

Source: CCN
Type: IBM Security Bulletin 6995887 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6997919 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Source: CCN
Type: IBM Security Bulletin 6998673 (Sterling Connect:Direct Browser User Interface)
IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Source: CCN
Type: IBM Security Bulletin 6998675 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6999295 (Liberty for Java for Cloud)
Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the January 2023 CPU plus deferred CVE-2022-21426

Source: CCN
Type: IBM Security Bulletin 6999555 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6999743 (Business Automation Workflow)
Multiple vulnerabilities in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - January 2023

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 10:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 11:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_external_authentication_server:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8080 | P | java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:8079 | P | java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate) | 2023-06-12
oval:com.redhat.rhsa:def:20230208 | P | RHSA-2023:0208: java-1.8.0-openjdk security and bug fix update (Moderate) | 2023-01-26
oval:com.redhat.rhsa:def:20230210 | P | RHSA-2023:0210: java-1.8.0-openjdk security and bug fix update (Moderate) | 2023-01-26
oval:com.redhat.rhsa:def:20230203 | P | RHSA-2023:0203: java-1.8.0-openjdk security and bug fix update (Moderate) | 2023-01-24