Vulnerability Name: CVE-2023-21843 (CCN-245037)
Assigned: 2022-12-17
Published: 2023-01-17
Updated: 2023-04-27
Summary: An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.

CVSS v3 Severity:
3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity:
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Consequences: Unknown

References:
Source: MITRE Type: CNA CVE-2023-21843
Source: XF Type: UNKNOWN oracle-cpujan2023-cve202321843(245037)
Source: CCN Type: IBM Security Bulletin 6955873 (Semeru Runtimes) Multiple vulnerabilities may affect IBM Semeru Runtime
Source: CCN Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps) Multiple Vulnerabilities in CloudPak for Watson AIOPs
Source: CCN Type: IBM Security Bulletin 6959651 (Rational Functional Tester) A vulnerability in Open JDK affecting Rational Functional Tester
Source: CCN Type: IBM Security Bulletin 6959891 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]
Source: CCN Type: IBM Security Bulletin 6960739 (Spectrum Copy Data Management) Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 6965846 (Robotic Process Automation) Multiple vulnerabilies in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 6967213 (Java) Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Source: CCN Type: IBM Security Bulletin 6985311 (Watson Discovery) IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java
Source: CCN Type: IBM Security Bulletin 6985649 (Rational Functional Tester) Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester
Source: CCN Type: IBM Security Bulletin 6986249 (Decision Optimization for Cloud Pak for Data) Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304)
Source: CCN Type: IBM Security Bulletin 6987815 (Business Automation Workflow) Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager
Source: CCN Type: IBM Security Bulletin 6988351 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6991667 (Tivoli Monitoring) Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Source: CCN Type: IBM Security Bulletin 6995887 (AIX) Multiple vulnerabilities in IBM Java SDK affect AIX
Source: CCN Type: IBM Security Bulletin 6997919 (Tivoli Application Dependency Discovery Manager) TADDM affected by multiple vulnerabilities due to IBM Java and its runtime
Source: CCN Type: IBM Security Bulletin 6998673 (Sterling Connect:Direct Browser User Interface) IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java
Source: CCN Type: IBM Security Bulletin 6998675 (Sterling Connect:Direct Web Services) IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java
Source: CCN Type: IBM Security Bulletin 6999295 (Liberty for Java for Cloud) Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the January 2023 CPU plus deferred CVE-2022-21426
Source: CCN Type: IBM Security Bulletin 6999555 (Data Risk Manager) IBM Data Risk Manager is affected by multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6999743 (Business Automation Workflow) Multiple vulnerabilities in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Source: CCN Type: IBM Security Bulletin 7001287 (Business Automation Workflow containers) Multiple vulnerabilities in IBM Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers
Source: CCN Type: IBM Security Bulletin 7001867 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Source: CCN Type: IBM Security Bulletin 7004721 (Sterling Control Center) IBM Sterling Control Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7005573 (Cloud Pak System) Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System (CVE-2023-21830, 2023-21843)
Source: CCN Type: IBM Security Bulletin 7006381 (Storage Protect Operations Center) IBM Storage Protect Operations Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7006387 (Storage Protect) IBM Storage Protect Server is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7007583 (Tivoli Netcool/Impact) Security vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7007585 (Tivoli Business Service Manager) Vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7007695 (Cloud Application Business Insights) Vulnerabilities in Java affects IBM Cloud Application Business Insights - CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597, CVE-2023-21830 & CVE-2023-21843
Source: CCN Type: IBM Security Bulletin 7007751 (CICS TX Advanced) CVE-2023-21830 and CVE-2023-21843 may affect IBM SDK, Java Technology Edition shipped with IBM CICS TX Advanced
Source: CCN Type: IBM Security Bulletin 7007753 (CICS TX Standard) CVE-2023-21830 and CVE-2023-21843 may affect IBM SDK, Java Technology Edition shipped with IBM CICS TX Standard
Source: CCN Type: IBM Security Bulletin 7007761 (TXSeries for Multiplatforms) CVE-2023-21830 and CVE-2023-21843 may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms
Source: CCN Type: IBM Security Bulletin 7008335 (CICS Transaction Gateway) Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Source: CCN Type: IBM Security Bulletin 7008991 (App Connect Enterprise) Multiple vulnerabilities in IBM SDK Java affect IBM App Connect Enterprise and IBM Integration Bus
Source: CCN Type: IBM Security Bulletin 7009021 (Cloud Pak for Business Automation) Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023
Source: CCN Type: IBM Security Bulletin 7010039 (App Connect Professional) Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.
Source: CCN Type: IBM Security Bulletin 7011755 (Storage Protect) Vulnerabilities in IBM Java affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2022-21426, CVE-2023-21830, CVE-2023-21843)
Source: CCN Type: IBM Security Bulletin 7012693 (Security SOAR) IBM Security SOAR is using a component with multiple known vulnerabilities
Source: CCN Type: IBM Security Bulletin 7013887 (Operations Analytics Predictive Insights) Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
Source: CCN Type: IBM Security Bulletin 7014913 (Rational Synergy) Multiple Vulnerabilities in Rational Synergy 7.2.2.5
Source: CCN Type: IBM Security Bulletin 7015271 (Cloud Pak for Business Automation) Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2023
Source: CCN Type: Oracle CPUJan2023 Oracle Critical Patch Update Advisory - January 2023
Source: secalert_us@oracle.com Type: Patch, Vendor Advisory secalert_us@oracle.com

Vulnerable Configuration:
Configuration RedHat 1: cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3: cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 4: cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 5: cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 6: cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 10: cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 11: cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration CCN 1:
cpe:/a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*
OR cpe:/a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*
OR cpe:/a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*
AND
cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*
OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*
OR cpe:/a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*
OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:22.0.2:-:*:*:containers:*:*:*
OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
OR cpe:/a:ibm:robotic_process_automation:23.0.2:*:*:*:*:*:*:*

oracle graalvm 20.3.8
oracle graalvm 21.3.4
oracle graalvm 22.3.0
ibm cics transaction gateway 9.0
ibm tivoli monitoring 6.3.0
ibm cics transaction gateway 9.1
ibm tivoli netcool/impact 7.1.0
ibm txseries 8.1
ibm txseries 8.2
ibm aix 7.2
ibm operations analytics predictive insights 1.3.5
ibm operations analytics predictive insights 1.3.6
ibm rational functional tester 9.2
ibm tivoli monitoring 6.3.0.7
ibm app connect 11.0.0.1
ibm tivoli business service manager 6.2.0
ibm rational functional tester 9.5
ibm java 7.1.0.0
ibm java 8.0.0.0
ibm vios 3.1
ibm cloud transformation advisor 2.0.1
ibm business automation workflow 19.0.0.3
ibm txseries 9.1
ibm tivoli application dependency discovery manager 7.3.0.0
ibm cloud pak system 2.3.1.1
ibm cloud pak system 2.3.2.0
ibm business automation workflow 20.0.0.2
ibm app connect enterprise 12.0.1.0
ibm aix 7.3
ibm business automation workflow 21.0.3
ibm business automation workflow 20.0.0.1 -
ibm business automation workflow 20.0.0.1
ibm business automation workflow 20.0.0.2
ibm business automation workflow 21.0.1
ibm business automation workflow 20.0.0.2 -
ibm business automation workflow 21.0.3 -
ibm robotic process automation 21.0.0
ibm cloud pak for business automation 18.0.0
ibm cloud pak for business automation 18.0.2
ibm cloud pak for business automation 19.0.1
ibm cloud pak for business automation 19.0.3
ibm cloud pak for business automation 20.0.1
ibm cloud pak for business automation 20.0.3
ibm cloud pak for business automation 21.0.1 -
ibm cloud pak for business automation 21.0.2 -
ibm cloud pak for business automation 21.0.3 -
ibm business automation workflow 21.0.2 -
ibm app connect enterprise certified container 4.1
ibm cics tx 11.1
ibm cics tx 11.1
ibm business automation workflow 22.0.1 -
ibm app connect enterprise certified container 4.2
ibm business automation workflow 22.0.1 -
ibm business automation workflow 22.0.1
ibm cloud pak for business automation 22.0.1 -
ibm cloud pak for security 1.10.0.0
ibm business automation workflow 21.0.3.1
ibm app connect enterprise certified container 5.0
ibm app connect enterprise certified container 5.1
ibm app connect enterprise certified container 5.2
ibm app connect enterprise certified container 6.0
ibm app connect enterprise certified container 6.1
ibm cics transaction gateway 9.2
ibm business automation workflow 22.0.2 -
ibm robotic process automation 23.0.0
ibm app connect enterprise certified container 6.2
ibm cloud pak for business automation 22.0.2 -
ibm robotic process automation 23.0.2