Unauthorized Access Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-21068

3.7 LOW

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability in Oracle Java SE and GraalVM products can be exploited by an unauthenticated attacker with network access. This vulnerability allows potential unauthorized update, insertion, or deletion of data, particularly through APIs utilized in a web service context. Additionally, client deployments running sandboxed Java applications that rely on the Java security model may also be at risk. Users are advised to take precautionary measures to secure their Java environments against this risk.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u401-perf

Java SE JDK and JRE Oracle Java SE:11.0.22

Java SE JDK and JRE Oracle Java SE:17.0.10

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
