CVE-2023-22067
Published Oct 12, 2023
·Updated
A flaw was discovered in the CORBA component of OpenJDK in the way it performed deserialization of IOR (Interoperable Object Reference) string objects. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Affected Software
14 affected componentsFixes available
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
ubuntu/openjdk-8<8
8
debian/openjdk-8
8u412-ga-1
Oracle JDK=1.8.0-update381
Oracle JDK=1.8.0-update381
Oracle JRE=1.8.0-update381
Oracle JRE=1.8.0-update381
NetApp Cloud Insights Acquisition Unit
NetApp Cloud Insights Storage Workload Security Agent
IBM InfoSphere Data Architect<=9.2.1
Remediation
Patch Available
Event History
Oct 12, 2023
Data Sourced
via Red Hat·10:55 AM
DescriptionSeverityAffected Software
Oct 17, 2023
CVE Published
via Ubuntu·12:00 AM
CVE Published
via MITRE·09:02 PM
Data Sourced
via MITRE·09:02 PM
DescriptionSeverity
Data Sourced
10:15 PM
DescriptionSeverity
Data Sourced
via NVD·10:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Jan 13, 2024
Data Sourced
via Launchpad·12:00 AM
Description
Mar 4, 2026
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Frequently Asked Questions
1
What is the vulnerability ID of this Oracle Java SE vulnerability?
The vulnerability ID of this Oracle Java SE vulnerability is CVE-2023-22067.
2
What component of Oracle Java SE is affected by this vulnerability?
The CORBA component of Oracle Java SE is affected by this vulnerability.
3
Which versions of Oracle Java SE are affected by this vulnerability?
The versions 8u381 and 8u381-perf of Oracle Java SE are affected by this vulnerability.
4
What is the severity rating of this vulnerability?
This vulnerability has a severity rating of medium (5.3) according to the Common Vulnerability Scoring System (CVSS).
5
How can an attacker exploit this vulnerability?
An unauthenticated attacker with network access via CORBA can exploit this vulnerability.