Serialization Vulnerability in Oracle Java SE and GraalVM Products
CVE-2024-21217

3.7 LOW

Key Information:

Vendor
Oracle
CVE Published:
15 October 2024

Summary

A vulnerability in the Serialization component of Oracle Java SE and Oracle GraalVM products can be exploited by an unauthenticated attacker with network access, which makes it most relevant to systems that accept data through APIs. Successful exploitation can cause a partial denial of service (DoS) in the affected product. The issue applies to deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets that rely on the Java sandbox for security; it does not apply to deployments that run only trusted code, such as code installed by an administrator.

Affected Version(s)

Oracle Java SE 8u421
Oracle Java SE 8u421-perf
Oracle Java SE 11.0.24

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 15 October 2024

  • Vulnerability reserved