JavaFX Vulnerability in Oracle Java SE and GraalVM Enterprise Edition
CVE-2024-21004

2.5 LOW

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability exists in the JavaFX component of Oracle Java SE and Oracle GraalVM Enterprise Edition. It enables an unauthenticated attacker with logon access to the environment where these products execute to compromise their security. Successful exploitation typically requires human interaction from a person other than the attacker. The vulnerability can lead to unauthorized operations, such as update, insert, or delete actions, on data accessible to Oracle Java SE and Oracle GraalVM Enterprise Edition. It primarily affects Java deployments that run sandboxed Java Web Start applications or applets loading untrusted code, not deployments that run only trusted code installed by an administrator.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u401

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:20.3.13

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:21.3.9

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published