JVNDB-2023-004278

JVNDB-2023-004278
�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ�ｽ�ｽ JDK �ｽ�ｽ�ｽ�ｽ�ｽ JRE �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽﾆ弱性
�ｽT�ｽv
�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ�ｽ�ｽ JDK �ｽ�ｽ�ｽ�ｽ�ｽ JRE �ｽﾉは、�ｽs�ｽ�ｽ�ｽ�ｽﾌ脆弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v3 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 5.3 (�ｽx�ｽ�ｽ) [�ｽ�ｽ�ｽﾌ托ｿｽ] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽﾉ必�ｽv�ｽﾈ難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽx�ｽ�ｽ: �ｽs�ｽv �ｽ�ｽ�ｽp�ｽﾒの関与: �ｽs�ｽv �ｽe�ｽ�ｽ�ｽﾌ想�ｽ�ｽﾍ茨ｿｽ: �ｽﾏ更�ｽﾈゑｿｽ �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽﾈゑｿｽ �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽ�ｽ �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽﾈゑｿｽ
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ JDK 8 Update 381 JDK 8 Update 381-perf JRE 8 Update 381 JRE 8 Update 381-perf �ｽ�ｽ�ｽ�ｽ Cosminexus Developer's Kit for Java(TM) Hitachi Application Server Hitachi Application Server for Developers Hitachi Automation Director (�ｽ�ｽ�ｽ�ｽ�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Compute Systems Manager Hitachi Configuration Manager Hitachi Developer's Kit for Java Hitachi Device Manager Hitachi Dynamic Link Manager Hitachi Global Link Manager Hitachi Infrastructure Analytics Advisor (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Administrator (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Analyzer (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Analyzer viewpoint (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center API Configuration Manager Hitachi Ops Center Automator Hitachi Ops Center Common Services Hitachi Ops Center Viewpoint (�ｽ�ｽ�ｽ�ｽ�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Replication Manager Hitachi Tiered Storage Manager Hitachi Tuning Manager uCosminexus Application Runtime with Java for Apache Tomcat uCosminexus Application Runtime with Java for Spring Boot uCosminexus Application Server uCosminexus Application Server(64) uCosminexus Application Server-R uCosminexus Client uCosminexus Developer uCosminexus Operator for Service Platform uCosminexus Primary Server Base uCosminexus Primary Server Base(64) uCosminexus Service Architect uCosminexus Service Platform uCosminexus Service Platform(64)

�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽｳゑｿｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ Oracle Critical Patch Update : Oracle Critical Patch Update Advisory - October 2023 Oracle Critical Patch Update : Text Form of Oracle Critical Patch Update - October 2023 Risk Matrices �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : hitachi-sec-2023-146 Hitachi Software Vulnerability Information : hitachi-sec-2023-147 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : hitachi-sec-2023-146 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : hitachi-sec-2023-147
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽs�ｽ�ｽ(CWE-noinfo) [NVD�ｽ]�ｽ�ｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2023-22067
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2023-22067 IPA �ｽd�ｽv�ｽﾈセ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : Oracle Java �ｽﾌ脆弱性�ｽﾎ搾ｿｽﾉつゑｿｽ�ｽ�ｽ(CVE-2023-30589�ｽ�ｽ) JPCERT �ｽ�ｽ�ｽﾓ奇ｿｽ�ｽN : JPCERT-AT-2023-0024
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2023�ｽN10�ｽ�ｽ27�ｽ�ｽ] �ｽf�ｽ�ｽ [2023�ｽN11�ｽ�ｽ01�ｽ�ｽ] �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (hitachi-sec-2023-146) �ｽ�ｽﾇ会ｿｽ �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV [2023�ｽN11�ｽ�ｽ07�ｽ�ｽ] �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (hitachi-sec-2023-147) �ｽ�ｽﾇ会ｿｽ �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV [2023�ｽN12�ｽ�ｽ14�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (hitachi-sec-2023-146) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV


�ｽ�ｽ�ｽ\�ｽ�ｽ	2023/10/17
�ｽo�ｽ^�ｽ�ｽ	2023/10/27
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2023/12/14

�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ�ｽ�ｽ JDK �ｽ�ｽ�ｽ�ｽ�ｽ JRE �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽﾆ弱性