Vulnerability in Oracle GraalVM Enterprise Edition Affects Data Integrity and Availability
CVE-2023-21986

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Graalvm Enterprise Edition
Vendor: CVE Published:; 18 April 2023

Summary

An exploitable vulnerability exists in the Oracle GraalVM Enterprise Edition's Native Image component, allowing an unauthenticated attacker with logon access to the environment where GraalVM operates to manipulate data. The attacks can result in unauthorized updates, inserts, or deletions of accessible data and can lead to a partial denial of service. Given that this vulnerability affects the GraalVM Enterprise Edition, it may also impact other products, extending its scope of influence.

Affected Version(s)

GraalVM Enterprise Edition Oracle GraalVM Enterprise Edition:20.3.9

GraalVM Enterprise Edition Oracle GraalVM Enterprise Edition:21.3.5

GraalVM Enterprise Edition Oracle GraalVM Enterprise Edition:22.3.1

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022