Vulnerability in Oracle GraalVM Enterprise Edition Affects Data Integrity and Availability
CVE-2023-21986

5.7 MEDIUM

Key Information:

Vendor:
Oracle
CVE Published:
18 April 2023

Summary

An exploitable vulnerability exists in the Native Image component of Oracle GraalVM Enterprise Edition. It allows an unauthenticated attacker with logon access to the infrastructure where GraalVM Enterprise Edition executes to compromise the product. A successful attack can result in unauthorized update, insert, or delete access to some of the data accessible to GraalVM Enterprise Edition and can cause a partial denial of service. Although the flaw is in GraalVM Enterprise Edition itself, a successful attack may also affect other products (the CVSS scope is Changed).

Affected Version(s)

  • Oracle GraalVM Enterprise Edition 20.3.9

  • Oracle GraalVM Enterprise Edition 21.3.5

  • Oracle GraalVM Enterprise Edition 22.3.1

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability Published

  • Vulnerability Reserved