You are here

Oracle CPU July 2023 - Airlock Gateway and IAM

CVE-2023-22043, CVE-2023-22041, CVE-2023-22051, CVE-2023-25193, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006
java, cpu, Oracle Critical Patch Update

The Oracle Critical Patch Update for July 2023 includes updates for Java SE [1] that fix 9 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No actions required for Airlock Gateway and IAM.


CVE-2023-22043, CVE-2023-22041, CVE-2023-22006
Does not affect Java deployments, typically in servers, that load and run only trusted code.

Affected JVM (Oracle GraalVM Enterprise Edition) not used by Airlock Gateway and IAM.

Component is not used in Airlock Gateway and IAM.

CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036
Airlock Gateway and IAM use the feature only with trusted input.


General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Authentication service
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution