Vulnerability Name:

CVE-2023-21835 (CCN-245039)

Assigned: 2022-12-17
Published: 2023-01-17
Updated: 2023-04-27
Summary: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the JSSE component could allow a remote authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2023-21835

Source: XF
Type: UNKNOWN
oracle-cpujan2023-cve202321835(245039)

Source: CCN
Type: IBM Security Bulletin 6955873 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 6959891 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container Designer Authoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]

Source: CCN
Type: IBM Security Bulletin 6960739 (Spectrum Copy Data Management)
Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)

Source: CCN
Type: IBM Security Bulletin 6965846 (Robotic Process Automation)
Multiple vulnerabilities in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)

Source: CCN
Type: IBM Security Bulletin 6986249 (Decision Optimization for Cloud Pak for Data)
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304)

Source: CCN
Type: IBM Security Bulletin 7003337 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Source: CCN
Type: Oracle CPUJan2023
Oracle Critical Patch Update Advisory - January 2023

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:23.0.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8079 | P | java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7536 | P | java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate) | 2023-06-12
oval:com.redhat.rhsa:def:20230195 | P | RHSA-2023:0195: java-11-openjdk security and bug fix update (Moderate) | 2023-01-23
oval:com.redhat.rhsa:def:20230194 | P | RHSA-2023:0194: java-17-openjdk security and bug fix update (Moderate) | 2023-01-23
oval:com.redhat.rhsa:def:20230192 | P | RHSA-2023:0192: java-17-openjdk security and bug fix update (Moderate) | 2023-01-18
oval:com.redhat.rhsa:def:20230200 | P | RHSA-2023:0200: java-11-openjdk security and bug fix update (Moderate) | 2023-01-18
oval:com.redhat.rhsa:def:20230202 | P | RHSA-2023:0202: java-11-openjdk security and bug fix update (Moderate) | 2023-01-18