CVE-2023-22025

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 17, 2023
Updated: Feb 1, 2024

Summary

CVE-2023-22025 is a vulnerability in multiple products of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The affected versions include Oracle Java SE 8u381-perf, 17.0.8, and 21; Oracle GraalVM for JDK 17.0.8 and 21; and Oracle GraalVM Enterprise Edition 21.3.7 and 22.3.3. This vulnerability can be exploited by an unauthenticated attacker with network access through multiple protocols to compromise the mentioned products. Successful attacks can lead to unauthorized access to data in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, allowing unauthorized update, insert or delete operations. This vulnerability also applies to sandboxed Java Web Start applications or sandboxed Java deployments typically found in clients running on the web.

To remediate this vulnerability, organizations should apply the latest security patches provided by Oracle for the affected products as soon as they become available. By keeping their software up to date, organizations can mitigate the risk of exploitation and ensure the security of their systems.

The potential danger posed by this vulnerability is relatively low due to its base severity being rated as LOW by the source (secalert_us@oracle.com). However, it should not be ignored as it still allows unauthorized access to certain data within the affected products. Organizations should prioritize patching their systems promptly to prevent any potential unauthorized actions on their sensitive data and maintain overall system security integrity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-22025 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options