CVE-2023-20863
Multiple vulnerabilities exist in Oracle Systems. By exploiting these vulnerabilities, an attacker can compromise confidentiality, integrity and availability. Exploiting some of these vulnerabilities requires no user interaction. Oracle does not publish further details about these vulnerabilities (apart from the information in the risk matrix in the Oracle advisory for the Critical Patch Update; see the link below in this advisory). Because of the limited information available, the damage level is assessed solely on the basis of the CVSS impact matrix. The maximum value for these products is "HIGH" for "Confidentiality", "Integrity" and "Availability", aggregated across all vulnerabilities, which results in a rating of "MEDIUM" for the damage level.
EPSS 1.18% · 79.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications | <= 23.2.4 |
| Oracle | Oracle Financial Services Applications | 8.0.7 |
| Oracle | Oracle Fusion Middleware | 12.2.1.4.0 |
| RealObjects | RealObjects PDFreactor | <11.6.6 |
| Oracle | Oracle Financial Services Applications | 14.5.0.8.0 |
| Oracle | Oracle Retail Applications | 19.1 |
| VMware Tanzu | VMware Tanzu Spring Framework | <6.0.8 |
| IBM | IBM Security Guardium | 11.3 |
| IBM | IBM Business Automation Workflow | |
| Oracle | Oracle Construction and Engineering | <= 22.12.6 |
| Oracle | Oracle Communications | 23.1.2 |
| Oracle | Oracle Fusion Middleware | 8.5.6 |
| Oracle | Oracle Retail Applications | 21.0.2 |
| MariaDB | MariaDB MariaDB | <10.6.16 |
| Broadcom | Broadcom Brocade SANnav | <2.3.0a |
| Dell | Dell Secure Connect Gateway | <5.34.00.16 |
| Oracle | Oracle Financial Services Applications | 8.1.1.1 |
| Oracle | Oracle Utilities Applications | <= 4.3.0.6.0 |
| Oracle | Oracle Communications | 8.6.0.0 |
| Oracle | Oracle Utilities Applications | 13.5.1.0.0 |
…and 194 more
Exploit Intelligence
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
- test_ghsa_completeness.py (github-poc)
- test_ghsa_completeness.py (github-poc)
- test_ghsa_completeness.py (github-poc)
- test_ghsa_completeness.py (github-poc)
…and 2 more exploits
Timeline
- Apr 13, 2023 CVE Published
- Apr 15, 2023 EPSS Score
- May 23, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
- Aug 6, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 20, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
- Mar 19, 2024 EPSS Score
- Apr 25, 2024 EPSS Score
- Jun 2, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0966.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0966 advisory
- https://spring.io/blog/2023/04/13/spring-framework-6-0-8-5-3-27-and-5-2-24-release-fix-cve-2023-20863 advisory
- https://spring.io/security/cve-2023-20863 advisory
- https://access.redhat.com/errata/RHSA-2023:2099 advisory
- https://www.ibm.com/support/pages/node/7001787 advisory
- https://www.ibm.com/support/pages/node/7010099 advisory
- https://www.ibm.com/support/pages/node/7003899 advisory
- https://www.pdfreactor.com/pdfreactor-11-hotfix-release-11-6-6-now-available/ advisory
- https://www.ibm.com/support/pages/node/7015075 advisory
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23257 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24999 advisory
- https://www.dell.com/support/kbdoc/de-de/000338043/dsa-2025-258-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142 advisory
- https://access.redhat.com/errata/RHSA-2023:2100 advisory
- https://access.redhat.com/errata/RHSA-2023:3179 advisory
- https://access.redhat.com/errata/RHSA-2023:3193 advisory
- https://access.redhat.com/errata/RHSA-2023:3622 advisory
- https://access.redhat.com/errata/RHSA-2023:3667 advisory
…and 117 more