Unauthorized Access Vulnerability in Oracle Java SE and GraalVM Enterprise Edition
CVE-2024-21085

3.7 LOW

Key Information:

Vendor
Oracle
CVE Published:
16 April 2024

Summary

A vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition can be exploited over the network, via multiple protocols, by an unauthenticated attacker. The flaw lies in the Concurrency component, and a successful attack gives the attacker the unauthorized ability to cause a partial denial of service. The risk is greatest in deployments that run Java Web Start applications or Java applets which load and execute untrusted code. The affected versions are Oracle Java SE 8u401, 8u401-perf and 11.0.22, and Oracle GraalVM Enterprise Edition 20.3.13 and 21.3.9.

Affected Version(s)

Oracle Java SE (JDK and JRE): 8u401

Oracle Java SE (JDK and JRE): 8u401-perf

Oracle Java SE (JDK and JRE): 11.0.22

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published