CVE-2023-21968
Severity: low
CVSS v3: 3.7
CVSS v4: -
VIR risk: 3.7
Description
RHSA-2023:4103: java-1.8.0-ibm security update (Important)
Predictions
Exploit likelihood: 47%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| sid | Fixed | 11.0.19+7-1 |
| bullseye | Fixed | 11.0.20+8-1~deb11u1 |
| bookworm | Fixed | 17.0.7+7-1~deb12u1 |
| 12.0 | Affected | - |
| 11.0 | Affected | - |
| 10.0 | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | java-11-openjdk-demo-11.0.19.0.7-1.el9_1.aarch64.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | graalvm | 20.3.9 | |
| oracle | graalvm | 21.3.5 | |
| oracle | graalvm | 22.3.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.18 | |
| oracle | jdk | 17.0.6 | |
| oracle | jdk | 20 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.18 | |
| oracle | jre | 17.0.6 | |
| oracle | jre | 20 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | brocade_san_navigator | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| oracle | openjdk | 11 to 11.0.18 (inclusive) | |
| oracle | openjdk | 17 to 17.0.6 (inclusive) | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 20 | |
References
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1909
- https://errata.rockylinux.org/RLSA-2023:1895
- https://errata.rockylinux.org/RLSA-2023:1898
- https://www.suse.com/security/cve/CVE-2023-21968.html
- https://errata.rockylinux.org/RLSA-2023:1879
- https://errata.rockylinux.org/RLSA-2023:1909
- https://errata.rockylinux.org/RLSA-2023:1880
- https://security-tracker.debian.org/tracker/CVE-2023-21968
- https://access.redhat.com/errata/RHSA-2023:1908
- https://bugzilla.redhat.com/2187435
- https://bugzilla.redhat.com/2187441
- https://bugzilla.redhat.com/2187704
- https://bugzilla.redhat.com/2187724
- https://bugzilla.redhat.com/2187758
- https://bugzilla.redhat.com/2187790
- https://bugzilla.redhat.com/2187802
- https://errata.almalinux.org/8/ALSA-2023-1908.html
- https://access.redhat.com/errata/RHSA-2023:1895
- https://errata.almalinux.org/8/ALSA-2023-1895.html
- https://access.redhat.com/errata/RHSA-2023:1898
- https://errata.almalinux.org/8/ALSA-2023-1898.html
- https://errata.almalinux.org/9/ALSA-2023-1909.html
- https://errata.almalinux.org/9/ALSA-2023-1879.html
CWEs
CWE-284