CVE-2023-21937

一、漏洞信息
漏洞编号：CVE-2023-21937
漏洞归属组件：openjdk-latest
漏洞归属的版本：17.0.0.35,17.0.1.12,17.0.2.9
CVSS V3.0分值：
BaseScore：3.7 Low
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
漏洞简述：
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
漏洞公开时间：2023-04-19 04:15:00
漏洞创建时间：2023-04-19 22:58:28
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2023-21937

更多参考(点击展开)

参考来源	参考链接	来源链接
secalert_us.oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/
secalert_us.oracle.com	https://www.debian.org/security/2023/dsa-5430
secalert_us.oracle.com	https://www.debian.org/security/2023/dsa-5478
secalert_us.oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21937	https://bugzilla.suse.com/show_bug.cgi?id=1210631
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2023-21937	https://bugzilla.suse.com/show_bug.cgi?id=1210631
suse_bugzilla	https://www.oracle.com/security-alerts/cpuapr2023.html#CVE-2023-21937	https://bugzilla.suse.com/show_bug.cgi?id=1210631
suse_bugzilla	https://www.oracle.com/security-alerts/cpuapr2023.html	https://bugzilla.suse.com/show_bug.cgi?id=1210631
redhat_bugzilla	https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk8u/commit/2a54b080ed565c1d1ddadad27d2e4b77058ef2c7	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk8u/commit/17ba2dfb47f22a6a89609c94be50cabc6df5c8c9	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk11u/commit/36871ab89cf5f531b1d045e22676275e60db91d7	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://github.com/openjdk/jdk17u/commit/ae88233d9481be3968948ef71f9fdbaebb874160	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://www.oracle.com/java/technologies/javase/8u371-relnotes.html	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1875	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1877	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1878	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1879	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1880	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1883	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1882	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1885	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1884	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1889	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1890	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1891	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1892	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1895	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1898	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1899	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1900	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1904	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1911	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1905	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1906	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1909	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1908	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1910	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1907	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1912	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:1903	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/security/cve/cve-2023-21937	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:4103	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2023:4160	https://bugzilla.redhat.com/show_bug.cgi?id=2187790
debian		https://security-tracker.debian.org/tracker/CVE-2023-21937
oracle		https://www.oracle.com/security-alerts/cpuapr2023.html
openjdk		https://openjdk.org/groups/vulnerability/advisories/2023-04-18
anolis		https://anas.openanolis.cn/cves/detail/CVE-2023-21937
cve_search		https://www.oracle.com/security-alerts/cpuapr2023.html
cve_search		https://security.netapp.com/advisory/ntap-20230427-0008/
cve_search		https://www.debian.org/security/2023/dsa-5430
osv	https://access.redhat.com/errata/RHSA-2023:1908	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21930	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21937	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21938	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21939	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21954	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21967	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://access.redhat.com/security/cve/CVE-2023-21968	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187435	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187441	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187704	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187724	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187758	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187790	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://bugzilla.redhat.com/2187802	https://osv.dev/vulnerability/ALSA-2023:1908
osv	https://errata.almalinux.org/8/ALSA-2023-1908.html	https://osv.dev/vulnerability/ALSA-2023:1908
amazon_linux_explore	https://access.redhat.com/security/cve/CVE-2023-21937	https://explore.alas.aws.amazon.com/CVE-2023-21937.html
amazon_linux_explore	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937	https://explore.alas.aws.amazon.com/CVE-2023-21937.html
snyk	https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557	https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923
snyk	https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897	https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923
snyk	https://github.com/openjdk/jdk20u/commit/853784d2f9c59279108136be70629e6b4b152679	https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923
snyk	https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6	https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923
snyk	https://bugzilla.redhat.com/show_bug.cgi?id=2187790	https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923
snyk	https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557	https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-5457922
snyk	https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897	https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-5457922
snyk	https://github.com/openjdk/jdk20u/commit/853784d2f9c59279108136be70629e6b4b152679	https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-5457922
snyk	https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6	https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-5457922
snyk	https://bugzilla.redhat.com/show_bug.cgi?id=2187790	https://security.snyk.io/vuln/SNYK-UPSTREAM-OPENJDKJRE-5457922
nvd	https://www.oracle.com/security-alerts/cpuapr2023.html
nvd	https://security.netapp.com/advisory/ntap-20230427-0008/
nvd	https://www.debian.org/security/2023/dsa-5430
redhat	https://access.redhat.com/security/cve/CVE-2023-21937
nvd	https://www.oracle.com/security-alerts/cpuapr2023.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6		redhat_bugzilla
		https://github.com/openjdk/jdk8u/commit/2a54b080ed565c1d1ddadad27d2e4b77058ef2c7		redhat_bugzilla
		https://github.com/openjdk/jdk8u/commit/17ba2dfb47f22a6a89609c94be50cabc6df5c8c9		redhat_bugzilla
		https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557		redhat_bugzilla
		https://github.com/openjdk/jdk11u/commit/36871ab89cf5f531b1d045e22676275e60db91d7		redhat_bugzilla
		https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897		redhat_bugzilla
		https://github.com/openjdk/jdk17u/commit/ae88233d9481be3968948ef71f9fdbaebb874160		redhat_bugzilla
		https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557		snyk
		https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897		snyk
		https://github.com/openjdk/jdk20u/commit/853784d2f9c59279108136be70629e6b4b152679		snyk
		https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6		snyk

二、漏洞分析结构反馈
影响性分析说明：
漏洞允许未经身份验证的攻击者通过多种协议访问网络来破坏 Oracle Java SE、Oracle GraalVM 企业版。对该漏洞的成功攻击可能导致对某些 Oracle Java SE、Oracle GraalVM 企业版可访问数据进行未经授权的更新、插入或删除访问
openEuler评分：
3.7
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):受影响
2.openEuler-20.03-LTS-SP3(16.0.1.9):受影响
3.openEuler-22.03-LTS(17.0.1.12):受影响
4.openEuler-22.03-LTS-SP1(19.0.2.7):受影响
5.openEuler-22.03-LTS-SP2(19.0.0.36):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):是
2.openEuler-20.03-LTS-SP3(16.0.1.9):是
3.openEuler-22.03-LTS(17.0.1.12):是
4.openEuler-22.03-LTS-SP1(19.0.2.7):是
5.openEuler-22.03-LTS-SP2(19.0.0.36):是

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1650

@eastb233 ,@peilin-guo ,@cf-zhao ,@jiangfeilong1003 ,@alexanderbill ,@yd_wang ,@jvmboy ,@kuenking111 ,@li-yancheng ,@stubCode ,@jdkboy
issue处理注意事项:
1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;
2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;
3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.

影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1(16.0.2.7):
2.openEuler-20.03-LTS-SP3(16.0.1.9):
3.openEuler-22.03-LTS(17.0.1.12):
4.openEuler-22.03-LTS-SP1(19.0.2.7):

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):
2.openEuler-20.03-LTS-SP3(16.0.1.9):
3.openEuler-22.03-LTS(17.0.1.12):
4.openEuler-22.03-LTS-SP1(19.0.2.7):

issue处理具体操作请参考:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Compiler, and any of the maintainers: @eastb233 , @peilin-guo , @cf-zhao , @jiangfeilong1003 , @alexanderbill , @yd_wang , @jvmboy , @kuenking111 , @li-yancheng , @stubCode , @jdkboy

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2023-21937
https://ubuntu.com/security/CVE-2023-21937	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2023-21937
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-21937	None	None	https://github.com/openjdk/jdk17u/commit/ae88233d9481be3968948ef71f9fdbaebb874160 https://github.com/openjdk/jdk8u/commit/2a54b080ed565c1d1ddadad27d2e4b77058ef2c7 https://github.com/openjdk/jdk11u/commit/36871ab89cf5f531b1d045e22676275e60db91d7 https://github.com/openjdk/jdk11u/commit/a5bdad69ee3c93579ef4267a68784e6a3d691557 https://github.com/openjdk/jdk17u/commit/43dd5ffb1008942bd04836add3f566f0c8771897 https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6 https://github.com/openjdk/jdk8u/commit/17ba2dfb47f22a6a89609c94be50cabc6df5c8c9
https://security-tracker.debian.org/tracker/CVE-2023-21937
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2023-21937

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

影响性分析说明：
漏洞允许未经身份验证的攻击者通过多种协议访问网络来破坏 Oracle Java SE、Oracle GraalVM 企业版。对该漏洞的成功攻击可能导致对某些 Oracle Java SE、Oracle GraalVM 企业版可访问数据进行未经授权的更新、插入或删除访问
openEuler评分：
3.7
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):受影响
2.openEuler-20.03-LTS-SP3(16.0.1.9):受影响
3.openEuler-22.03-LTS(17.0.1.12):受影响
4.openEuler-22.03-LTS-SP1(19.0.2.7):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):是
2.openEuler-20.03-LTS-SP3(16.0.1.9):是
3.openEuler-22.03-LTS(17.0.1.12):是
4.openEuler-22.03-LTS-SP1(19.0.2.7):是

@eastb233 经过 cve-manager 解析, 已分析的内容如下表所示:

状态	需分析	内容
已分析	1.影响性分析说明	漏洞允许未经身份验证的攻击者通过多种协议访问网络来破坏 Oracle Java SE、Oracle GraalVM 企业版。对该漏洞的成功攻击可能导致对某些 Oracle Java SE、Oracle GraalVM 企业版可访问数据进行未经授权的更新、插入或删除访问
已分析	2.openEulerScore	3.7
已分析	3.openEulerVector	AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
已分析	4.受影响版本排查	openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP3:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响
已分析	5.修复是否涉及abi变化	openEuler-20.03-LTS-SP1:是,openEuler-20.03-LTS-SP3:是,openEuler-22.03-LTS:是,openEuler-22.03-LTS-SP1:是

请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.

@kuenking111 请确认分支: openEuler-22.03-LTS-SP2 受影响/不受影响.
请确认分支信息是否填写完整,否则将无法关闭当前issue.

影响性分析说明：
漏洞允许未经身份验证的攻击者通过多种协议访问网络来破坏 Oracle Java SE、Oracle GraalVM 企业版。对该漏洞的成功攻击可能导致对某些 Oracle Java SE、Oracle GraalVM 企业版可访问数据进行未经授权的更新、插入或删除访问
openEuler评分：
3.7
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):受影响
2.openEuler-20.03-LTS-SP3(16.0.1.9):受影响
3.openEuler-22.03-LTS(17.0.1.12):受影响
4.openEuler-22.03-LTS-SP1(19.0.2.7):受影响
5.openEuler-22.03-LTS-SP2(1.8.0.372.b07):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(16.0.2.7):是
2.openEuler-20.03-LTS-SP3(16.0.1.9):是
3.openEuler-22.03-LTS(17.0.1.12):是
4.openEuler-22.03-LTS-SP1(19.0.2.7):是
5.openEuler-22.03-LTS-SP2(1.8.0.372.b07):是

@eastb233 经过 cve-manager 解析, 已分析的内容如下表所示:

状态	需分析	内容
已分析	1.影响性分析说明	漏洞允许未经身份验证的攻击者通过多种协议访问网络来破坏 Oracle Java SE、Oracle GraalVM 企业版。对该漏洞的成功攻击可能导致对某些 Oracle Java SE、Oracle GraalVM 企业版可访问数据进行未经授权的更新、插入或删除访问
已分析	2.openEulerScore	3.7
已分析	3.openEulerVector	AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
已分析	4.受影响版本排查	openEuler-20.03-LTS-SP1:受影响,openEuler-20.03-LTS-SP3:受影响,openEuler-22.03-LTS:受影响,openEuler-22.03-LTS-SP1:受影响,openEuler-22.03-LTS-SP2:受影响
已分析	5.修复是否涉及abi变化	openEuler-20.03-LTS-SP1:是,openEuler-20.03-LTS-SP3:是,openEuler-22.03-LTS:是,openEuler-22.03-LTS-SP1:是,openEuler-22.03-LTS-SP2:是

请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.

src-openEuler/openjdk-latest

内容风险标识

评论 (12)

src-openEuler/openjdk-latest .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-21937

评论 (12)

搜索帮助

src-openEuler/openjdk-latest