Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition Vulnerability
CVE-2024-21147

7.4 HIGH

Key Information:

Vendor
Oracle
CVE Published:
16 July 2024

Summary

A network-based security vulnerability affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, allowing unauthenticated attackers with network access to potentially compromise these products. The vulnerability enables unauthorized creation, deletion, or modification of critical data and grants unauthorized access to all accessible data within the affected environments. Successful exploitation may occur through APIs in affected components, particularly in Java deployments utilizing sandboxed applications. This vulnerability poses significant risks to organizations leveraging these Oracle products, especially within environments that depend on the Java security model.

Affected Version(s)

Java SE JDK and JRE Oracle Java SE:8u411

Java SE JDK and JRE Oracle Java SE:8u411-perf

Java SE JDK and JRE Oracle Java SE:11.0.23

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
