You are here

Oracle CPU July 2023 - Airlock Gateway and IAM

IDs: 
CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006
Keywords: 
java, cpu, Oracle Critical Patch Update
Description: 

The Oracle Critical Patch Update for July 2023 includes updates for Java SE [1] that fix 9 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No actions required for Airlock Gateway and IAM.

Details:

CVE-2023-22043, CVE-2023-22041, CVE-2023-22006
Does not affect Java deployments, typically in servers, that load and run only trusted code.

CVE-2023-22051
Affected JVM (Oracle GraalVM Enterprise Edition) not used by Airlock Gateway and IAM.

CVE-2023-25193
Component is not used in Airlock Gateway and IAM.

CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036
Airlock Gateway and IAM use the feature only with trusted input.

Resolution: 

General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Component: 
Authentication service
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution