Vulnerability Name: CVE-2023-21930 (CCN-253115)

Assigned: 2022-12-17
Published: 2023-04-18
Updated: 2023-06-17
Summary: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.
CVSS v3 Severity: 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): None
7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): None
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2023-21930

Source: XF
Type: UNKNOWN
oracle-cpuapr2023-cve202321930(253115)

Source: secalert_us@oracle.com
Type: UNKNOWN
secalert_us@oracle.com

Source: CCN
Type: IBM Security Bulletin 6995595 (Spectrum Copy Data Management)
Vulnerabilities in Oracle Java SE might affect IBM Spectrum Copy Data Management (CVE-2023-21968, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21937, CVE-2023-21930)

Source: CCN
Type: IBM Security Bulletin 7001271 (Semeru Runtime)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 7001663 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7001677 (WebSphere Application Server)
Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU

Source: CCN
Type: IBM Security Bulletin 7002387 (WebSphere Service Registry and Repository)
Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2023 CPU

Source: CCN
Type: IBM Security Bulletin 7002711 (Cloud Object Storage System)
Vulnerabilities with Linux Kernel

Source: CCN
Type: IBM Security Bulletin 7003317 (Watson Explorer DAE oneWEX Components)
IBM Watson Explorer is affected by multiple vulnerabilities in Java

Source: CCN
Type: IBM Security Bulletin 7005601 (Rational Functional Tester)
Multiple vulnerabilities in Open JDK affecting Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 7005851 (Operational Decision Manager)
IBM Operational Decision Manager June 2023 - Multiple CVEs

Source: CCN
Type: IBM Security Bulletin 7007695 (Cloud Application Business Insights)
Vulnerabilities in Java affects IBM Cloud Application Business Insights - CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597, CVE-2023-21830 & CVE-2023-21843

Source: CCN
Type: IBM Security Bulletin 7008335 (CICS Transaction Gateway)
Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Source: CCN
Type: IBM Security Bulletin 7008991 (App Connect Enterprise)
Multiple vulnerabilities in IBM SDK Java affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 7009301 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 7009333 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operand is vulnerable to DOS/loss of integrity/confidentiality [CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968]

Source: CCN
Type: IBM Security Bulletin 7009457 (License Metric Tool)
Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Source: CCN
Type: IBM Security Bulletin 7009483 (CICS TX Standard)
Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard

Source: CCN
Type: IBM Security Bulletin 7009485 (CICS TX Advanced)
Multiple CVEs may affect IBM SDK, Java Technology Edition shipped with IBM CICS TX Advanced

Source: CCN
Type: IBM Security Bulletin 7009487 (TXSeries for Multiplatforms)
Multiple CVEs may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 7009499 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Source: CCN
Type: IBM Security Bulletin 7009903 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition

Source: CCN
Type: IBM Security Bulletin 7009987 (Sterling Connect:Direct File Agent)
IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968)

Source: CCN
Type: IBM Security Bulletin 7010057 (App Connect Professional)
Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 7010083 (Liberty for Java for Cloud)
Multiple Vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU

Source: CCN
Type: IBM Security Bulletin 7010095 (Sterling Connect Direct for Microsoft Windows)
IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7010331 (DataPower Gateway)
IBM DataPower Gateway affected by multiple issues in JRE

Source: CCN
Type: IBM Security Bulletin 7011059 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 7011405 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7011409 (Sterling Connect:Direct FTP+)
IBM Sterling Connect:Direct FTP+ is vulnerable to unspecified vulnerabilities due to IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7011469 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 7011773 (Event Streams)
IBM Event Streams is affected by multiple Semaru Java vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7011963 (Enterprise Content Management System Monitor)
Enterprise Content Management System Monitor is affected by a vulnerability in Oracle Java SE

Source: CCN
Type: IBM Security Bulletin 7011965 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7012037 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 7012395 (Sterling Connect:Direct Browser User Interface)
Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface due to Java and Eclipse

Source: CCN
Type: IBM Security Bulletin 7013887 (Operations Analytics Predictive Insights)
Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Source: CCN
Type: IBM Security Bulletin 7014057 (Host On-Demand)
Vulnerability in IBM Java Runtime affects Host On-Demand

Source: CCN
Type: IBM Security Bulletin 7015249 (Installation Manager)
A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Source: CCN
Type: IBM Security Bulletin 7015271 (Cloud Pak for Business Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2023

Source: CCN
Type: IBM Security Bulletin 7016696 (PowerVM Novalink)
IBM PowerVM Novalink is vulnerable because An unspecified vulnerability in Oracle Java SE. (CVE-2023-21930)

Source: CCN
Type: IBM Security Bulletin 7020316 (Watson Knowledge Catalog on-prem)
Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: Oracle CPUApr2023
Oracle Critical Patch Update Advisory - April 2023

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:

Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.3:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.3:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.0:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.0:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.1:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:foundational_components:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8150 | P | Security update for java-1_8_0-ibm (Important) | 2023-06-13
oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7536 | P | java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:8151 | P | Security update for java-1_8_0-openjdk (Important) (in QA) | 2023-06-12