Vulnerability in Oracle Java SE and GraalVM Enterprise Edition Affecting Multiple Versions
CVE-2024-21002

2.5LOW

Key Information:

Vendor

Oracle
Status
Java Se Jdk And Jre
Vendor
CVE Published:
16 April 2024

What is CVE-2024-21002?

A vulnerability exists within the Oracle Java SE and GraalVM Enterprise Edition products, specifically in the JavaFX component. This vulnerability allows an unauthenticated attacker who can log on to the infrastructure where these products are running to potentially exploit the system. Successful exploitation requires interaction from a user other than the attacker, making it particularly insidious. It poses risks of unauthorized access, including the ability to update, insert, or delete data within the systems. The vulnerability is particularly relevant for Java deployments utilizing sandboxed Java Web Start applications or applets that execute untrusted code, emphasizing the risks associated with loading external code without proper validation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u401

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:20.3.13

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:21.3.9

References

https://www.oracle.com/security-alerts/cpuapr2024.html
vendor-advisory
https://security.netapp.com/advisory/ntap-20240426-0004/

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.