Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition Vulnerability
CVE-2024-21235

4.8 MEDIUM

Key Information:

Vendor
Oracle
CVE Published:
15 October 2024

Summary

This vulnerability is in the Hotspot component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. It is difficult to exploit (CVSS attack complexity High), but it can be exploited by an unauthenticated attacker with network access via multiple protocols. Successful exploitation can result in unauthorized update, insert, or delete access to some of the products' accessible data, and unauthorized read access to a subset of that data; availability is not affected. The vulnerability can be exploited through APIs in the Hotspot component, for example by a web service that supplies attacker-controlled data to those APIs. It also applies to Java deployments, typically clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (for example, code fetched from the internet) and rely on the Java sandbox for security. Environments that depend on the Java sandbox to isolate untrusted code should treat patching as a priority.

Affected Version(s)

Oracle Java SE: 8u421

Oracle Java SE: 8u421-perf

Oracle Java SE: 11.0.24
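The practical first step for this advisory is to find out which runtimes in your estate are on an affected build. The following Python script is an added example, not tooling from this page or from Oracle: it normalises the version strings that Java reports (`1.8.0_421` for JDK 8, `11.0.24+7-LTS` for newer lines, and the `8u421` notation used in the list above) into comparable tuples and checks them against the builds listed above. It assumes that any build on the same major line at or below a listed build is affected and that later builds are fixed, and it deliberately reports major lines that this page does not list as "not covered" rather than "safe". The sample `java -version` banners are constructed for the example.

```python
"""Check a Java runtime's version string against the affected builds listed
on this page for CVE-2024-21235.  Added example; not Oracle's tooling."""
import re
import subprocess

# Affected builds taken from the "Affected Version(s)" list on this page,
# keyed by major release.  Assumption: any build of the same major line at
# or below the listed build is affected; newer builds are treated as fixed.
# Major lines missing from this table are reported as None ("not covered by
# this page's list"), never as False, because other releases may be affected.
AFFECTED = {
    8: (8, 421),        # 8u421 and 8u421-perf (-perf is a suffix on the same build)
    11: (11, 0, 24),    # 11.0.24
}

_LEGACY = re.compile(r"^1\.(\d+)\.\d+_(\d+)")            # 1.8.0_421[-perf]
_UPDATE = re.compile(r"^(\d+)u(\d+)")                     # 8u421[-perf] (CPU notation)
_MODERN = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")   # 11.0.24[+7-LTS], 23
_BANNER = re.compile(r'version "([^"]+)"')                # first line of `java -version`


def parse_java_version(text: str) -> tuple:
    """Normalise a Java version string to a comparable tuple.

    '1.8.0_421' and '8u421' -> (8, 421); '11.0.24+7-LTS' -> (11, 0, 24);
    '23' -> (23, 0, 0).  Trailing qualifiers such as '-perf' or '+7-LTS'
    are ignored for comparison.  Raises ValueError on anything it cannot parse.
    """
    text = text.strip().strip('"')
    m = _LEGACY.match(text) or _UPDATE.match(text)
    if m:
        return (int(m.group(1)), int(m.group(2)))
    m = _MODERN.match(text)
    if not m or int(m.group(1)) < 9:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(text: str):
    """True/False for major lines in AFFECTED; None when this page's list
    does not cover the major line (the release may still be affected)."""
    version = parse_java_version(text)
    ceiling = AFFECTED.get(version[0])
    if ceiling is None:
        return None
    return version <= ceiling


def version_from_banner(banner: str) -> str:
    """Extract the quoted version from `java -version` output (printed on stderr)."""
    m = _BANNER.search(banner)
    if not m:
        raise ValueError("no version string found in banner")
    return m.group(1)


def check_banner(banner: str) -> dict:
    """Classify one `java -version` banner."""
    version = version_from_banner(banner)
    return {"version": version, "affected": is_affected(version)}


# Constructed sample banners for the example (not captured from real hosts).
SAMPLE_BANNERS = {
    "jdk8_affected": 'java version "1.8.0_421"\nJava(TM) SE Runtime Environment (build 1.8.0_421-b09)\n',
    "jdk8_newer": 'java version "1.8.0_431"\n',
    "jdk11_affected": 'openjdk version "11.0.24" 2024-07-16\nOpenJDK Runtime Environment (build 11.0.24+7)\n',
    "jdk11_newer": 'openjdk version "11.0.25" 2024-10-15\n',
    "jdk17_uncovered": 'openjdk version "17.0.12" 2024-07-16\n',
}


def check_local_java() -> dict:
    """Run the installed `java -version` (which writes to stderr) and classify it."""
    proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return check_banner(proc.stderr + proc.stdout)


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(f"{name:16} {check_banner(banner)}")
    try:
        print("local java:", check_local_java())
    except (FileNotFoundError, ValueError) as exc:
        print("local java: not checked:", exc)
```

A `None` result means the installed major line is simply not in the list on this page, so consult the full advisory before concluding anything; only `False` means the build is newer than the listed affected build on the same line.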

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 15 October 2024