Vulnerability in Oracle Java SE and GraalVM Enterprise Edition
CVE-2024-21144

3.7 LOW

Key Information:

Vendor: Oracle
CVE Published: 16 July 2024

Summary

A vulnerability exists in Oracle Java SE and GraalVM Enterprise Edition that can be exploited by an unauthenticated attacker with network access through various protocols. This vulnerability poses a risk primarily to Java deployments that operate in environments where untrusted code is executed, such as sandboxed Java Web Start applications and applets. The successful exploitation of this vulnerability could lead to a partial denial of service, compromising the availability of the affected products. It is crucial for users and administrators to assess their environments and apply necessary mitigations to safeguard against these risks.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u411

Java SE JDK and JRE Oracle Java SE:8u411-perf

Java SE JDK and JRE Oracle Java SE:11.0.23

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
