Unauthorised Data Access

2024-01-3018:26:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

unauthorized access

openjdk

security controls

oracle graalvm

vulnerability

exploitation

data access

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

openjdk is vulnerable to an unauthorized data access vulnerability. The vulnerability is due to insufficient security controls that allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful exploitation of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

CPENameOperatorVersion
openjdk17:edgeeq17.0.6_p10-r0
openjdk17:edgeeq17.0.3_p7-r2
openjdk17:edgeeq17.0.3_p7-r1
openjdk17:edgeeq17.0.2_p8-r1
openjdk17:edgeeq17.0.4_p8-r0
openjdk17:edgeeq17.0.5_p8-r0
openjdk17:edgeeq17.0.4.1_p1-r0
openjdk17:edgeeq17.0.1_p12-r0
openjdk17:edgeeq17.0.7_p7-r1
openjdk17:edgeeq17.0.2_p8-r0

Name	Operator	Version
openjdk17:edge	eq	17.0.6_p10-r0
openjdk17:edge	eq	17.0.3_p7-r2
openjdk17:edge	eq	17.0.3_p7-r1
openjdk17:edge	eq	17.0.2_p8-r1
openjdk17:edge	eq	17.0.4_p8-r0
openjdk17:edge	eq	17.0.5_p8-r0
openjdk17:edge	eq	17.0.4.1_p1-r0
openjdk17:edge	eq	17.0.1_p12-r0
openjdk17:edge	eq	17.0.7_p7-r1
openjdk17:edge	eq	17.0.2_p8-r0