Unauthenticated Access Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-20921

5.9 MEDIUM

Key Information:

Vendor:
Oracle

CVE Published:
17 February 2024

Summary

A vulnerability in Oracle Java SE and GraalVM products allows an unauthenticated attacker with network access via multiple protocols to compromise the affected products. Successful exploitation can result in unauthorized access to critical data, undermining the integrity of applications that rely on Java's security model. The vulnerability affects multiple versions of Oracle Java SE and GraalVM, and it can also be exploited through APIs, including APIs that receive data from web services. Java deployments that run sandboxed applications are also at risk, since such deployments may load and run untrusted code from unverified sources and rely on the Java sandbox for protection.

Affected Version(s)

  • Oracle Java SE (JDK and JRE): 8u391

  • Oracle Java SE (JDK and JRE): 8u391-perf

  • Oracle Java SE (JDK and JRE): 11.0.21

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
