Vulnerability Name:

CVE-2023-21939 (CCN-253168)

Assigned:2022-12-17
Published:2023-04-18
Updated:2023-06-17
Summary:An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Swing component could allow a remote attacker to cause integrity impact.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2023-21939

Source: XF
Type: UNKNOWN
oracle-cpuapr2023-cve202321939(253168)

Source: secalert_us@oracle.com
Type: UNKNOWN
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: UNKNOWN
secalert_us@oracle.com

Source: CCN
Type: IBM Security Bulletin 6995595 (Spectrum Copy Data Management)
Vulnerabilities in Oracle Java SE might affect IBM Spectrum Copy Data Management (CVE-2023-21968, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21937, CVE-2023-21930)

Source: CCN
Type: IBM Security Bulletin 7001271 (Semeru Runtime)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 7001663 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7002711 (Cloud Object Storage System)
Vulnerabilities with Linux Kernel

Source: CCN
Type: IBM Security Bulletin 7005601 (Rational Functional Tester)
Multiple vulnerabilities in Open JDK affecting Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 7005851 (Operational Decision Manager)
IBM Operational Decision Manager June 2023 - Multiple CVEs

Source: CCN
Type: IBM Security Bulletin 7007675 (InfoSphere Information Server)
Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 7007695 (Cloud Application Business Insights)
Vulnerabilities in Java affects IBM Cloud Application Business Insights - CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597, CVE-2023-21830 & CVE-2023-21843

Source: CCN
Type: IBM Security Bulletin 7008335 (CICS Transaction Gateway)
Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Source: CCN
Type: IBM Security Bulletin 7008991 (App Connect Enterprise)
Multiple vulnerabilities in IBM SDK Java affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 7009301 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 7009333 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operand is vulnerable to DOS/loss of integrity/confidentiality [CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968]

Source: CCN
Type: IBM Security Bulletin 7009457 (License Metric Tool)
Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Source: CCN
Type: IBM Security Bulletin 7009483 (CICS TX Standard)
Multiple CVEs may affect IBM? SDK, Java? Technology Edition shipped with IBM CICS TX Standard

Source: CCN
Type: IBM Security Bulletin 7009485 (CICS TX Advanced)
Multiple CVEs may affect IBM SDK, Java Technology Edition shipped with IBM CICS TX Advanced

Source: CCN
Type: IBM Security Bulletin 7009487 (TXSeries for Multiplatforms)
Multiple CVEs may affect IBM SDK, Java Technology Edition shipped with IBM TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 7009499 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Source: CCN
Type: IBM Security Bulletin 7009903 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition

Source: CCN
Type: IBM Security Bulletin 7009987 (Sterling Connect:Direct File Agent)
IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968)

Source: CCN
Type: IBM Security Bulletin 7010057 (App Connect Professional)
Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 7010083 (Liberty for Java for Cloud)
Multiple Vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Cloud due to April 2023 CPU

Source: CCN
Type: IBM Security Bulletin 7010095 (Sterling Connect Direct for Microsoft Windows)
IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7010331 (DataPower Gateway)
IBM DataPower Gateway affected by multiple issues in JRE

Source: CCN
Type: IBM Security Bulletin 7011059 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 7011405 (Sterling Connect:Direct for UNIX)
IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7011409 (Sterling Connect:Direct FTP+)
IBM Sterling Connect:Direct FTP+ is vulnerable to unspecified vulnerabilities due to IBM Runtime Environment Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 7011469 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 7011773 (Event Streams)
IBM Event Streams is affected by multiple Semaru Java vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7011965 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7012037 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 7012395 (Sterling Connect:Direct Browser User Interface)
Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface due to Java and Eclipse

Source: CCN
Type: IBM Security Bulletin 7013595 (Rational Business Developer)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 7013887 (Operations Analytics Predictive Insights)
Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Source: CCN
Type: IBM Security Bulletin 7015271 (Cloud Pak for Business Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2023

Source: CCN
Type: IBM Security Bulletin 7015879 (Virtualization Engine TS7700 3957-VEC)
IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM? SDK Java? Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937)

Source: CCN
Type: IBM Security Bulletin 7016696 (PowerVM Novalink)
IBM PowerVM Novalink is vulnerable because An unspecified vulnerability in Oracle Java SE. (CVE-2023-21930)

Source: CCN
Type: Oracle CPUApr2023
Oracle Critical Patch Update Advisory - April 2023

Source: secalert_us@oracle.com
Type: Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0.0.0:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.1.0.0:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8150
    P
    		Security update for java-1_8_0-ibm (Important)
    2023-06-13
    oval:org.opensuse.security:def:7535
    P
    		java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7536
    P
    		java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8151
    P
    		Security update for java-1_8_0-openjdk (Important) (in QA)
    2023-06-12
    BACK
    oracle graalvm 20.3.9
    oracle graalvm 21.3.5
    oracle graalvm 22.3.1
    ibm cics transaction gateway 9.0
    ibm cics transaction gateway 9.1
    ibm txseries 8.1
    ibm txseries 8.2
    ibm license metric tool 9.2
    ibm rational business developer 9.5
    ibm aix 7.2
    ibm operations analytics predictive insights 1.3.5
    ibm operations analytics predictive insights 1.3.6
    ibm infosphere information server 11.7
    ibm rational functional tester 9.2
    ibm app connect 11.0.0.1
    ibm rational functional tester 9.5
    ibm java 7.1.0.0
    ibm java 8.0.0.0
    ibm operational decision manager 8.10
    ibm vios 3.1
    ibm txseries 9.1
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm rational business developer 9.6
    ibm event streams 10.0.0
    ibm datapower gateway 10.0.1.0
    ibm app connect enterprise 12.0.1.0
    ibm aix 7.3
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm spectrum copy data management 2.2.0.0
    ibm app connect enterprise certified container 4.1
    ibm cics tx 11.1
    ibm cics tx 11.1
    ibm app connect enterprise certified container 4.2
    ibm datapower gateway 10.5.0.0
    ibm sterling connect:direct 6.0.0.0
    ibm sterling connect:direct 6.1.0.0
    ibm cloud pak for business automation 22.0.1 -
    ibm app connect enterprise certified container 5.0
    ibm app connect enterprise certified container 5.1
    ibm app connect enterprise certified container 5.2
    ibm app connect enterprise certified container 6.0
    ibm app connect enterprise certified container 6.1
    ibm cics transaction gateway 9.2
    ibm app connect enterprise certified container 6.2
    ibm cloud pak for business automation 22.0.2 -