Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot).
Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf,
11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle
GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification
access to critical data or all Oracle Java SE, Oracle GraalVM for JDK,
Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability
can only be exploited by supplying data to APIs in the specified Component
without using Untrusted Java Web Start applications or Untrusted Java
applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openjdk-17 | < 17.0.10+7-1~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-17 | < 17.0.10+7-1~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | openjdk-17 | < 17.0.10+7-1~22.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | openjdk-17 | < 17.0.10+7-1~23.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-21 | < 21.0.2+13-1~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | openjdk-21 | < 21.0.2+13-1~22.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | openjdk-21 | < 21.0.2+13-1~23.10.1 | UNKNOWN |
ubuntu | 23.10 | noarch | openjdk-22 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | openjdk-8 | < 8u402-ga-2ubuntu1~18.04 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-8 | < 8u402-ga-2ubuntu1~20.04 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2024-20919
nvd.nist.gov/vuln/detail/CVE-2024-20919
security-tracker.debian.org/tracker/CVE-2024-20919
ubuntu.com/security/notices/USN-6660-1
ubuntu.com/security/notices/USN-6661-1
ubuntu.com/security/notices/USN-6662-1
ubuntu.com/security/notices/USN-6696-1
www.cve.org/CVERecord?id=CVE-2024-20919