Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-21138

3.7 LOW

Key Information:

Vendor: Oracle

CVE Published: 16 July 2024

Summary

CVE-2024-21138 is a vulnerability in the HotSpot component of Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. It is difficult to exploit (CVSS attack complexity High) but needs no privileges and no user interaction: an unauthenticated attacker with network access via multiple protocols can trigger it. A successful attack results only in a partial denial of service (availability impact Low); confidentiality and integrity are not affected. The flaw is reachable through the component's APIs, for example via a web service that passes attacker-supplied data to them, and it also applies to Java deployments, typically clients running sandboxed Java Web Start applications or sandboxed applets, that load and run untrusted code and rely on the Java sandbox for security. Organizations running the affected releases should inventory their JVMs and update to a release that includes the fix shipped in Oracle's Critical Patch Update of July 2024.

Affected Version(s)

Oracle Java SE (JDK and JRE): 8u411

Oracle Java SE (JDK and JRE): 8u411-perf

Oracle Java SE (JDK and JRE): 11.0.23
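Inventorying exposure means mapping what each JVM reports in `java -version` onto the release names Oracle uses above (1.8.0_411 is what an 8u411 runtime prints). The following script is an added example, not part of this page or of Oracle's advisory; it carries only the three releases listed here, assumes the 8u411 performance build reports its version as 1.8.0_411-perf, and treats the sample banners as constructed input rather than captures from real hosts.

```python
import re
import subprocess
from typing import Optional

# Affected releases exactly as listed on this page. Oracle's advisory covers
# further release lines; extend this set from the vendor advisory before
# relying on it for an inventory.
AFFECTED = {"8u411", "8u411-perf", "11.0.23"}

# First line of `java -version` output, which the JVM writes to stderr, e.g.
#   java version "1.8.0_411"
#   openjdk version "11.0.23" 2024-04-16 LTS
_VERSION_LINE = re.compile(r'^(?:java|openjdk) version "([^"]+)"')

# Legacy (pre-9) form: 1.<major>.0_<update>[-<tag>]
_LEGACY = re.compile(r"^1\.(\d+)\.0_(\d+)(?:-(\w+))?$")


def normalize(version: str) -> str:
    """Map a JVM version string onto the notation Oracle uses in advisories.

    1.8.0_411 becomes 8u411. A build tag such as -b09 is dropped; a -perf
    tag is kept because Oracle lists the performance release separately
    (assumption: that build reports its version as 1.8.0_411-perf).
    Modern strings (11.0.23, 17.0.11+9, 21.0.3-ea) keep only the dotted core.
    """
    m = _LEGACY.match(version)
    if m:
        major, update, tag = m.groups()
        suffix = "-perf" if tag == "perf" else ""
        return f"{major}u{update}{suffix}"
    return re.split(r"[+-]", version, maxsplit=1)[0]


def parse_java_version(output: str) -> Optional[str]:
    """Extract and normalize the version from `java -version` output."""
    for line in output.splitlines():
        m = _VERSION_LINE.match(line.strip())
        if m:
            return normalize(m.group(1))
    return None


def is_affected(output: str) -> bool:
    """True when the JVM that produced `output` is on this page's affected list."""
    v = parse_java_version(output)
    return v is not None and v in AFFECTED


# Constructed sample banners (not captured from real hosts) for a quick check.
SAMPLE_OLD_JDK8 = 'java version "1.8.0_411"\nJava(TM) SE Runtime Environment (build 1.8.0_411-b09)\n'
SAMPLE_PATCHED_JDK11 = 'openjdk version "11.0.24" 2024-07-16 LTS\n'

if __name__ == "__main__":
    try:
        # The JVM prints its version banner on stderr, not stdout.
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
        banner = proc.stderr + proc.stdout
    except FileNotFoundError:
        banner = SAMPLE_OLD_JDK8  # no local JVM: fall back to the constructed sample
    print(parse_java_version(banner), "affected" if is_affected(banner) else "not listed")
```

Run it on each host, or feed it banners collected by your configuration management tool; a `None` result means the banner did not start with the expected `java version`/`openjdk version` line and should be inspected by hand rather than treated as clean.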

CVSS V3.1

Score: 3.7
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 16 July 2024