Java Virtual Machine Oracle Java Virtual Machine

Do you want an email whenever new security vulnerabilities are reported in Oracle Java Virtual Machine?

By the Year

In 2023 there have been 1 vulnerability in Oracle Java Virtual Machine with an average score of 4.3 out of ten. Last year Java Virtual Machine had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Java Virtual Machine in 2023 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2023 and last year was the same.

Year Vulnerabilities Average Score
2023 1 4.30
2022 1 4.30
2021 2 5.70
2020 1 3.10
2019 0 0.00
2018 0 0.00

It may take a day or so for new Java Virtual Machine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Java Virtual Machine Security Vulnerabilities

Vulnerability in the Java VM component of Oracle Database Server

CVE-2022-39429 4.3 - Medium - January 18, 2023

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2022-39419 4.3 - Medium - October 18, 2022

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2021-35619 7.1 - High - October 20, 2021

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2021-2438 4.3 - Medium - July 21, 2021

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2020-14743 3.1 - Low - October 21, 2020

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Java Virtual Machine or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe