{"id":"CVE-2023-21954","details":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).","modified":"2026-03-15T14:50:10.640166Z","published":"2023-04-18T20:15:15.630Z","related":["ALSA-2023:1879","ALSA-2023:1880","ALSA-2023:1895","ALSA-2023:1898","ALSA-2023:1908","ALSA-2023:1909","CGA-x3jx-qggc-8w5r","MGASA-2023-0272","SUSE-SU-2023:2109-1","SUSE-SU-2023:2110-1","SUSE-SU-2023:2222-1","SUSE-SU-2023:2238-1","SUSE-SU-2023:2242-1","SUSE-SU-2023:2242-2","SUSE-SU-2023:2476-1","SUSE-SU-2023:2491-1","SUSE-SU-2023:3305-1","openSUSE-SU-2024:12891-1","openSUSE-SU-2024:12892-1","openSUSE-SU-2024:12909-1","openSUSE-SU-2024:13110-1","openSUSE-SU-2024:13130-1","openSUSE-SU-2024:13131-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1"],"references":[{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2023.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230427-0008/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://www.couchbase.com/alerts/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5430"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5478"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"78e9d6d2d69753957b76d4dca05cac497221ff85"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"22.3.1"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk","events":[{"introduced":"0"},{"last_affected":"82749901b1497f524e53e47c45708c8e4a63c8b9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk15u","events":[{"introduced":"0"},{"last_affected":"62007a12b80f381c687f60825b20fe0bbeeb5eaa"},{"introduced":"0"},{"last_affected":"a9a271179d2a7952154b7509a999b100cc98b13c"},{"introduced":"0"},{"last_affected":"446bbb0f40cdf32f1d979abcc03509898eb724c9"},{"introduced":"0"},{"last_affected":"6412341d454eee8a151cf89b51cabfb7b3d87140"},{"introduced":"0"},{"last_affected":"e9a2e84e45e1120aa306a01dfb087200f6a7f903"},{"introduced":"0"},{"last_affected":"7c18f827d7f096cbeb96b086a8516754f0c70221"},{"introduced":"0"},{"last_affected":"27cab0e0c87f124277c7afeb5dd6a8750443804e"},{"introduced":"0"},{"last_affected":"d38a1f186d640dede9fccb727ec98db3a413f9d8"},{"introduced":"0"},{"last_affected":"0d3829a2c5a70961ffc539865adc1442c1a30bb1"},{"introduced":"0"},{"last_affected":"69efabad3d8a2ff47a62a4626c574a56edec1cfd"},{"introduced":"0"},{"last_affected":"ed6697aa20e3f9c17a496a544b10bfe3543de38f"},{"introduced":"0"},{"last_affected":"880e09412543af479bc335faeda6196489a2a045"},{"introduced":"0"},{"last_affected":"7517b9d19367e1f057e5450d7871135b5f878d02"},{"introduced":"0"},{"last_affected":"bd04d75035a888d5034c5f7e2e0508d1d28d14af"},{"introduced":"0"},{"last_affected":"34063e3656db6d0cadb9168f37024e6e66fc2372"},{"introduced":"0"},{"last_affected":"e7d87b234c444e39369e8575284f785c56113324"},{"introduced":"0"},{"last_affected":"81ecd2932e0caee8ed01955fccc9e958c6a5cda3"},{"introduced":"0"},{"last_affected":"e7187d14db3748428c4a312203549f7ee31d4471"},{"introduced":"0"},{"last_affected":"8261ee6da3c5843806c20808cc4206c73bb0efac"},{"introduced":"0"},{"last_affected":"1c11f83e9262d3bf07b9d095a7b1d3659f1f2a9e"},{"introduced":"0"},{"last_affected":"75c48b0d1b36d9361a412ee2db2f51b7d9b6ef1c"},{"introduced":"0"},{"last_affected":"7ba83041b1d65545833655293d0976dfd1ffdea8"},{"introduced":"0"},{"last_affected":"82d185e64838992b019c90133d508d479d5ced0a"},{"introduced":"0"},{"last_affected":"22e500e3a917594cd93baaf8b5c7d29360d250d1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"0"},{"last_affected":"12.0"},{"introduced":"0"},{"last_affected":"8-update101"},{"introduced":"0"},{"last_affected":"8-update102"},{"introduced":"0"},{"last_affected":"8-update11"},{"introduced":"0"},{"last_affected":"8-update111"},{"introduced":"0"},{"last_affected":"8-update112"},{"introduced":"0"},{"last_affected":"8-update20"},{"introduced":"0"},{"last_affected":"8-update25"},{"introduced":"0"},{"last_affected":"8-update31"},{"introduced":"0"},{"last_affected":"8-update40"},{"introduced":"0"},{"last_affected":"8-update45"},{"introduced":"0"},{"last_affected":"8-update51"},{"introduced":"0"},{"last_affected":"8-update60"},{"introduced":"0"},{"last_affected":"8-update65"},{"introduced":"0"},{"last_affected":"8-update66"},{"introduced":"0"},{"last_affected":"8-update71"},{"introduced":"0"},{"last_affected":"8-update72"},{"introduced":"0"},{"last_affected":"8-update73"},{"introduced":"0"},{"last_affected":"8-update74"},{"introduced":"0"},{"last_affected":"8-update77"},{"introduced":"0"},{"last_affected":"8-update91"},{"introduced":"0"},{"last_affected":"8-update92"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk8u","events":[{"introduced":"0"},{"last_affected":"772d2a8fc0f3a6ae5dfcb1cbffc40a7999349bc6"},{"introduced":"0"},{"last_affected":"9205c421f33fd1938450d211369d3e2b7aec573d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8-update121"},{"introduced":"0"},{"last_affected":"8-update131"}]}}],"versions":["jdk-10+0","jdk-9+100","jdk-9+101","jdk-9+102","jdk-9+103","jdk-9+104","jdk-9+105","jdk-9+106","jdk-9+107","jdk-9+108","jdk-9+109","jdk-9+110","jdk-9+111","jdk-9+112","jdk-9+113","jdk-9+114","jdk-9+115","jdk-9+116","jdk-9+117","jdk-9+118","jdk-9+119","jdk-9+120","jdk-9+121","jdk-9+122","jdk-9+123","jdk-9+124","jdk-9+125","jdk-9+126","jdk-9+127","jdk-9+128","jdk-9+129","jdk-9+130","jdk-9+131","jdk-9+132","jdk-9+133","jdk-9+134","jdk-9+135","jdk-9+136","jdk-9+137","jdk-9+138","jdk-9+139","jdk-9+140","jdk-9+141","jdk-9+142","jdk-9+143","jdk-9+144","jdk-9+145","jdk-9+146","jdk-9+147","jdk-9+148","jdk-9+149","jdk-9+150","jdk-9+151","jdk-9+152","jdk-9+153","jdk-9+95","jdk-9+96","jdk-9+97","jdk-9+98","jdk-9+99","jdk7-b100","jdk7-b101","jdk7-b102","jdk7-b103","jdk7-b104","jdk7-b105","jdk7-b106","jdk7-b107","jdk7-b108","jdk7-b109","jdk7-b110","jdk7-b111","jdk7-b112","jdk7-b113","jdk7-b114","jdk7-b115","jdk7-b116","jdk7-b117","jdk7-b118","jdk7-b119","jdk7-b120","jdk7-b121","jdk7-b122","jdk7-b123","jdk7-b124","jdk7-b125","jdk7-b126","jdk7-b127","jdk7-b128","jdk7-b129","jdk7-b130","jdk7-b131","jdk7-b132","jdk7-b133","jdk7-b134","jdk7-b135","jdk7-b136","jdk7-b137","jdk7-b138","jdk7-b139","jdk7-b140","jdk7-b141","jdk7-b142","jdk7-b143","jdk7-b144","jdk7-b145","jdk7-b146","jdk7-b147","jdk7-b24","jdk7-b25","jdk7-b26","jdk7-b27","jdk7-b28","jdk7-b29","jdk7-b30","jdk7-b31","jdk7-b32","jdk7-b33","jdk7-b34","jdk7-b35","jdk7-b36","jdk7-b37","jdk7-b38","jdk7-b39","jdk7-b40","jdk7-b41","jdk7-b42","jdk7-b43","jdk7-b44","jdk7-b45","jdk7-b46","jdk7-b47","jdk7-b48","jdk7-b49","jdk7-b50","jdk7-b51","jdk7-b52","jdk7-b53","jdk7-b54","jdk7-b55","jdk7-b56","jdk7-b57","jdk7-b58","jdk7-b59","jdk7-b60","jdk7-b61","jdk7-b62","jdk7-b63","jdk7-b64","jdk7-b65","jdk7-b66","jdk7-b67","jdk7-b68","jdk7-b69","jdk7-b70","jdk7-b71","jdk7-b72","jdk7-b73","jdk7-b74","jdk7-b75","jdk7-b76","jdk7-b77","jdk7-b78","jdk7-b79","jdk7-b80","jdk7-b81","jdk7-b82","jdk7-b83","jdk7-b84","jdk7-b85","jdk7-b86","jdk7-b87","jdk7-b88","jdk7-b89","jdk7-b90","jdk7-b91","jdk7-b92","jdk7-b93","jdk7-b94","jdk7-b95","jdk7-b96","jdk7-b97","jdk7-b98","jdk7-b99","jdk8-b01","jdk8-b02","jdk8-b03","jdk8-b04","jdk8-b05","jdk8-b06","jdk8-b07","jdk8-b08","jdk8-b09","jdk8-b10","jdk8-b100","jdk8-b101","jdk8-b102","jdk8-b103","jdk8-b104","jdk8-b105","jdk8-b106","jdk8-b107","jdk8-b108","jdk8-b109","jdk8-b11","jdk8-b110","jdk8-b111","jdk8-b112","jdk8-b113","jdk8-b114","jdk8-b115","jdk8-b116","jdk8-b117","jdk8-b118","jdk8-b119","jdk8-b12","jdk8-b120","jdk8-b121","jdk8-b13","jdk8-b14","jdk8-b15","jdk8-b16","jdk8-b17","jdk8-b18","jdk8-b19","jdk8-b20","jdk8-b21","jdk8-b22","jdk8-b23","jdk8-b24","jdk8-b25","jdk8-b26","jdk8-b27","jdk8-b28","jdk8-b29","jdk8-b30","jdk8-b31","jdk8-b32","jdk8-b33","jdk8-b34","jdk8-b35","jdk8-b36","jdk8-b37","jdk8-b38","jdk8-b39","jdk8-b40","jdk8-b41","jdk8-b42","jdk8-b43","jdk8-b44","jdk8-b45","jdk8-b46","jdk8-b47","jdk8-b48","jdk8-b49","jdk8-b50","jdk8-b51","jdk8-b52","jdk8-b53","jdk8-b54","jdk8-b55","jdk8-b56","jdk8-b57","jdk8-b58","jdk8-b59","jdk8-b60","jdk8-b61","jdk8-b62","jdk8-b63","jdk8-b64","jdk8-b65","jdk8-b66","jdk8-b67","jdk8-b68","jdk8-b69","jdk8-b70","jdk8-b71","jdk8-b72","jdk8-b73","jdk8-b74","jdk8-b75","jdk8-b76","jdk8-b77","jdk8-b78","jdk8-b79","jdk8-b80","jdk8-b81","jdk8-b82","jdk8-b83","jdk8-b84","jdk8-b85","jdk8-b86","jdk8-b87","jdk8-b88","jdk8-b89","jdk8-b90","jdk8-b91","jdk8-b92","jdk8-b93","jdk8-b94","jdk8-b95","jdk8-b96","jdk8-b97","jdk8-b98","jdk8-b99","jdk9-b00","jdk9-b01","jdk9-b02","jdk9-b03","jdk9-b04","jdk9-b05","jdk9-b06","jdk9-b07","jdk9-b08","jdk9-b09","jdk9-b10","jdk9-b11","jdk9-b12","jdk9-b13","jdk9-b14","jdk9-b15","jdk9-b16","jdk9-b17","jdk9-b18","jdk9-b19","jdk9-b20","jdk9-b21","jdk9-b22","jdk9-b23","jdk9-b24","jdk9-b25","jdk9-b26","jdk9-b27","jdk9-b28","jdk9-b29","jdk9-b30","jdk9-b31","jdk9-b32","jdk9-b33","jdk9-b34","jdk9-b35","jdk9-b36","jdk9-b37","jdk9-b38","jdk9-b39","jdk9-b40","jdk9-b41","jdk9-b42","jdk9-b43","jdk9-b44","jdk9-b45","jdk9-b46","jdk9-b47","jdk9-b48","jdk9-b49","jdk9-b50","jdk9-b51","jdk9-b52","jdk9-b53","jdk9-b54","jdk9-b55","jdk9-b56","jdk9-b57","jdk9-b58","jdk9-b59","jdk9-b60","jdk9-b61","jdk9-b62","jdk9-b63","jdk9-b64","jdk9-b65","jdk9-b66","jdk9-b67","jdk9-b68","jdk9-b69","jdk9-b70","jdk9-b71","jdk9-b72","jdk9-b73","jdk9-b74","jdk9-b75","jdk9-b76","jdk9-b77","jdk9-b78","jdk9-b79","jdk9-b80","jdk9-b81","jdk9-b82","jdk9-b83","jdk9-b84","jdk9-b85","jdk9-b86","jdk9-b87","jdk9-b88","jdk9-b89","jdk9-b90","jdk9-b91","jdk9-b92","jdk9-b93","jdk9-b94","vm-19.3.0","vm-19.3.0.2","vm-19.3.1","vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-19.3.5","vm-19.3.6","vm-20.0.0","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-20.3.0","vm-20.3.1","vm-20.3.1.2","vm-20.3.2","vm-20.3.3","vm-20.3.4","vm-20.3.5","vm-20.3.6","vm-21.0.0","vm-21.0.0.2","vm-21.1.0","vm-21.2.0","vm-21.3.0","vm-21.3.1","vm-21.3.2","vm-21.3.3","vm-21.3.3.1","vm-22.0.0.2","vm-22.1.0","vm-22.2.0","vm-22.3.0","vm-22.3.1","vm-22.3.2","vm-ce-21.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"20.3.9"}]},{"events":[{"introduced":"0"},{"last_affected":"21.3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update361"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.18"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update361"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.18"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.6"}]},{"events":[{"introduced":"0"},{"fixed":"8"}]},{"events":[{"introduced":"11"},{"last_affected":"11.0.18"}]},{"events":[{"introduced":"17"},{"last_affected":"17.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone1"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone2"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone3"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone4"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone5"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone6"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone7"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone8"}]},{"events":[{"introduced":"0"},{"last_affected":"8-milestone9"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update141"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update151"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update152"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update162"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update171"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update172"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update181"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update191"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update192"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update201"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update202"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update211"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update212"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update221"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update222"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update231"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update232"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update241"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update242"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update252"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update262"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update271"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update281"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update282"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update291"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update301"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update302"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update312"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update322"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update332"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update342"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update352"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update362"}]},{"events":[{"introduced":"0"},{"last_affected":"8-update5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-21954.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}