Lucene search

K
cveOracleCVE-2024-20952
HistoryJan 16, 2024 - 10:15 p.m.

CVE-2024-20952

2024-01-1622:15:42
CWE-284
CWE-416
oracle
web.nvd.nist.gov
91
cve-2024-20952
oracle
java
se
oracle graalvm
graalvm for jdk
graalvm enterprise edition
vulnerability
unauthorized access
critical data
security
nvd
exploit

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

34.2%

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Affected configurations

Nvd
Vulners
Node
oraclegraalvmMatch20.3.12enterprise
OR
oraclegraalvmMatch21.3.8enterprise
OR
oraclegraalvmMatch22.3.4enterprise
OR
oraclegraalvm_for_jdkMatch17.0.9
OR
oraclegraalvm_for_jdkMatch21.0.1
OR
oraclejdkMatch1.8.0update391-
OR
oraclejdkMatch1.8.0update391enterprise_performance_pack
OR
oraclejdkMatch11.0.21
OR
oraclejdkMatch17.0.9
OR
oraclejdkMatch21.0.1
OR
oraclejreMatch1.8.0update391-
OR
oraclejreMatch1.8.0update391enterprise_performance_pack
OR
oraclejreMatch11.0.21
OR
oraclejreMatch17.0.9
OR
oraclejreMatch21.0.1
Node
netappcloud_insights_acquisition_unitMatch-
OR
netappcloud_insights_storage_workload_security_agentMatch-
OR
netapponcommand_insightMatch-
Node
debiandebian_linuxMatch10.0
VendorProductVersionCPE
oraclegraalvm20.3.12cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*
oraclegraalvm21.3.8cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*
oraclegraalvm22.3.4cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*
oraclegraalvm_for_jdk17.0.9cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
oraclegraalvm_for_jdk21.0.1cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*
oraclejdk11.0.21cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*
oraclejdk17.0.9cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*
oraclejdk21.0.1cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Java SE JDK and JRE",
    "versions": [
      {
        "version": "Oracle Java SE:8u391",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:8u391-perf",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:11.0.21",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:17.0.9",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:21.0.1",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM for JDK:17.0.9",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM for JDK:21.0.1",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:20.3.12",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:21.3.8",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:22.3.4",
        "status": "affected"
      }
    ]
  }
]

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

34.2%