Vulnerability DatabaseCVE-2023-22043

CVE-2023-22043:
Amazon Corretto JDK vulnerability analysis and mitigation

Overview

CVE-2023-22043 is a vulnerability in Oracle Java SE, specifically affecting the JavaFX component in Java SE version 8u371. The vulnerability was disclosed in July 2023 as part of Oracle's Critical Patch Update (Oracle CPU).

Technical details

The vulnerability is classified as difficult to exploit but can be accessed remotely through network protocols without requiring authentication. It has been assigned a CVSS 3.1 Base Score of 5.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N (Oracle CPU).

Impact

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. The vulnerability specifically applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets (Oracle CPU).

Mitigation and workarounds

Oracle has released patches to address this vulnerability in Java SE version 8u371. Organizations using affected versions should update to the patched version. NetApp has also released fixes for their affected products, including updates for various system components (NetApp Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

5.9

Score

Published July 18, 2023

Severity MEDIUM

CNA Score 5.9

Affected Technologies

Amazon Corretto JDK
Oracle JRE

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 41.3

Exploitation Probability (EPSS) 0.2

Affected packages and libraries

java-1.8.0-openjdk-headless
java-1.8.0-openjdk-src

Sources

Chainguard
- Chainguard Has FixAdded at: Feb 02, 2025
Debian Security Tracker
- Debian 11, 12, 13 Severity MEDIUMHas FixAdded at: Jul 20, 2023
- Debian 14 Severity MEDIUMHas FixAdded at: Aug 10, 2025
Minimus
- MinimOS Severity MEDIUMHas FixAdded at: Oct 09, 2025
Ubuntu Security Tracker
- Ubuntu 16.04 Severity MEDIUMNo FixAdded at: Nov 13, 2023
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Aug 06, 2023
NVD
- Linux Severity MEDIUMHas FixAdded at: Jul 30, 2023
- Windows Severity MEDIUMHas FixAdded at: Jul 23, 2023

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Amazon Corretto JDK vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-50059	HIGH	8.6	Amazon Corretto JDK	openjdk21-jre	No	Yes	Jul 15, 2025
CVE-2025-50106	HIGH	8.1	Amazon Corretto JDK	corretto-23	No	Yes	Jul 15, 2025
CVE-2025-50063	HIGH	7.3	Amazon Corretto JDK	openjdk-8-openj9	No	Yes	Jul 15, 2025
CVE-2025-30761	MEDIUM	5.9	Amazon Corretto JDK	java-1.8.0-openjdk	No	Yes	Jul 15, 2025
CVE-2025-30754	MEDIUM	4.8	Amazon Corretto JDK	openjdk-17	No	Yes	Jul 15, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-22043: Amazon Corretto JDK vulnerability analysis and mitigation