Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-21208

3.7 LOW

Key Information:

Vendor: Oracle
CVE Published: 15 October 2024

Summary

This vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise specific versions of Oracle Java SE and GraalVM products. It primarily affects Java deployments in client environments where untrusted code may be loaded, particularly sandboxed Java Web Start applications or applets. Successful exploitation can give the attacker the unauthorized ability to cause a partial denial of service, impacting availability. The risk is most relevant to users running Java applications that rely on the Java sandbox for security; environments that run only trusted code remain unaffected.

Affected Version(s)

Oracle Java SE: 8u421

Oracle Java SE: 8u421-perf

Oracle Java SE: 11.0.24

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved