JavaFX Vulnerability in Oracle Java SE and GraalVM Enterprise Edition
CVE-2024-21005

3.1 LOW

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability affects Oracle Java SE and GraalVM Enterprise Edition, specifically the JavaFX component. An unauthenticated attacker with network access can exploit it through various protocols, but successful exploitation requires human interaction from a person other than the attacker. When exploited, the vulnerability may lead to unauthorized update, insertion, or deletion of data accessible to Oracle Java SE and GraalVM Enterprise Edition. It primarily affects Java deployments that rely on the Java sandbox for security, such as sandboxed Java Web Start applications or applets that load and run untrusted code from the internet. It does not affect server deployments that only load and run trusted code provided by an administrator.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u401

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:20.3.13

Java SE JDK and JRE Oracle GraalVM Enterprise Edition:21.3.9

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
