Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-21012

3.7 LOW

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability exists in Oracle Java SE and GraalVM products that allows an unauthenticated attacker with network access to compromise the system through various protocols. This weakness primarily affects environments where Java deployments use sandboxed applications to run untrusted code, such as those downloaded from the internet. Successful exploitation may lead to unauthorized access to data, enabling malicious parties to alter or delete crucial information. Organizations are advised to apply security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:11.0.22

Java SE JDK and JRE Oracle Java SE:17.0.10

Java SE JDK and JRE Oracle Java SE:21.0.2

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
