CVE-2023-22044: Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK

A new security vulnerability, CVE-2023-22044, has been identified that affects multiple components of Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK. This vulnerability can result in unauthorized read access to a subset of accessible data by unauthenticated attackers with network access via multiple protocols.

Exploit Details

The vulnerability, specifically in the Hotspot component, can be difficult to exploit. However, successful attacks can occur by using APIs in the specified component, such as through a web service that supplies data to the APIs. This vulnerability is also applicable to Java deployments, including those running sandboxed Java Web Start applications or sandboxed Java applets, which load and run untrusted code (e.g., code from the internet) while relying on the Java sandbox for security.

CVSS 3.1 Base Score

The CVSS (Common Vulnerability Scoring System) 3.1 Base Score for this vulnerability is 3.7, with Confidentiality impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Code Snippet

Exploitation of this vulnerability typically involves the use of APIs in the affected component. The following skeleton shows the structure such code would take; the exploit-specific logic is left as a placeholder:

import java.applet.Applet;
import java.awt.Graphics;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class ExploitApplet extends Applet {
    public void paint(Graphics g) {
        // The applet's own (sandboxed) context; captured here but not otherwise used.
        AccessControlContext acc = AccessController.getContext();
        // Build a context from a ProtectionDomain whose implies() always returns true.
        ProtectionDomain[] pds = { new ExploitProtectionDomain() };
        AccessControlContext maliciousAcc = new AccessControlContext(pds);
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                // Exploit-related code goes here
                return null;
            }
        }, maliciousAcc);
        // Normal applet code continues following the exploitation
    }
}

class ExploitProtectionDomain extends ProtectionDomain {
    ExploitProtectionDomain() {
        // No CodeSource and no static permissions.
        super(null, null);
    }

    // Potentially exploit the vulnerability by overriding the implies method
    // so that every permission check against this domain succeeds.
    public boolean implies(Permission p) {
        return true;
    }
}

This skeleton illustrates how an attacker could potentially structure a malicious applet targeting the vulnerability; the vulnerability-specific logic itself is not shown.

For more information and updates, refer to the original references:

- Oracle Critical Patch Update Advisory - October 2023: https://www.oracle.com/security-alerts/cpuoct2023.html
- NVD - CVE-2023-22044: https://nvd.nist.gov/vuln/detail/CVE-2023-22044

Conclusion

To protect against this vulnerability, users and administrators should ensure they are running updated versions of Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK. Additionally, developers should avoid using untrusted code in sandboxed Java applications and applets. By taking these preventive measures, the risk of unauthorized read access can be mitigated.

Timeline

Published on: 07/18/2023 21:15:00 UTC
Last modified on: 07/27/2023 17:34:00 UTC