Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Could Allow Unauthorized Access to Data
CVE-2024-20925

3.1 LOW

Key Information:

Vendor
Oracle
CVE Published:
17 February 2024

Summary

A vulnerability exists in Oracle Java SE and Oracle GraalVM Enterprise Edition that could be exploited by an unauthenticated attacker with network access via multiple protocols. This flaw primarily affects clients that run sandboxed Java Web Start applications or sandboxed Java applets loading untrusted code (typically code fetched from the internet) and relying on the Java sandbox for security. Successful exploitation requires human interaction from a person other than the attacker. If exploited, the consequence is unauthorized update, insert, or delete access to some of the data accessible to Oracle Java SE and GraalVM Enterprise Edition; confidentiality and availability are not affected. This vulnerability does not apply to Java deployments, typically on servers, that load and run only trusted code (for example, code installed by an administrator).

Affected Version(s)

Java SE JDK and JRE, Oracle Java SE: 8u391

Java SE JDK and JRE, Oracle GraalVM Enterprise Edition: 20.3.12

Java SE JDK and JRE, Oracle GraalVM Enterprise Edition: 21.3.8

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published: 17 February 2024

  • Vulnerability reserved