Vulnerability Name: CVE-2023-21835 (CCN-245039) Assigned: 2022-12-17 Published: 2023-01-17 Updated: 2023-04-27 Summary: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the JSSE component could allow a remote authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L )4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L )4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L )4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Consequences: Denial of Service References: Source: MITRE Type: CNACVE-2023-21835 Source: XF Type: UNKNOWNoracle-cpujan2023-cve202321835(245039) Source: CCN Type: IBM Security Bulletin 6955873 (Semeru Runtimes)Multiple vulnerabilities may affect IBM Semeru Runtime Source: CCN Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps)Multiple Vulnerabilities in CloudPak for Watson AIOPs Source: CCN Type: IBM Security Bulletin 6959891 (App Connect Enterprise Certified Container)IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843] Source: CCN Type: IBM Security Bulletin 6960739 (Spectrum Copy Data Management) Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843) Source: CCN Type: IBM Security Bulletin 6965846 (Robotic Process Automation)Multiple vulnerabilies in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843) Source: CCN Type: IBM Security Bulletin 6986249 (Decision Optimization for Cloud Pak for Data)Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304) Source: CCN Type: IBM Security Bulletin 7003337 (z/Transaction Processing Facility)Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility Source: CCN Type: Oracle CPUJan2023Oracle Critical Patch Update Advisory - January 2023 Source: secalert_us@oracle.com Type: Patch, Vendor Advisorysecalert_us@oracle.com Vulnerable Configuration: Configuration RedHat 1 :cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:* Configuration RedHat 3 :cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:* Configuration RedHat 4 :cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:* Configuration RedHat 5 :cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:* Configuration RedHat 6 :cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:* Configuration RedHat 10 :cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:* Configuration RedHat 11 :cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:* OR cpe:/a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:* OR cpe:/a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:* AND cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:robotic_process_automation:23.0.2:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
oracle graalvm 20.3.8
oracle graalvm 21.3.4
oracle graalvm 22.3.0
ibm robotic process automation 21.0.0
ibm app connect enterprise certified container 4.1
ibm app connect enterprise certified container 4.2
ibm app connect enterprise certified container 5.0
ibm app connect enterprise certified container 5.1
ibm app connect enterprise certified container 5.2
ibm app connect enterprise certified container 6.0
ibm app connect enterprise certified container 6.1
ibm robotic process automation 23.0.0
ibm app connect enterprise certified container 6.2
ibm robotic process automation 23.0.2