Unauthenticated Remote Attack

2024-01-3018:27:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

oracle

java

graalvm

unauthenticated

remote

attack

vulnerability

multiple versions

protocols

unauthorized access

critical data

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.9%

JSON

Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition is vulnerable to an unauthenticated remote attack via multiple protocols. This vulnerability affects multiple versions, including Oracle Java SE 8u391, 11.0.21, 17.0.9, and 21.0.1, Oracle GraalVM for JDK 17.0.9 and 21.0.1, and Oracle GraalVM Enterprise Edition 20.3.12, 21.3.8, and 22.3.4. The vulnerability allows unauthorized access to critical data, including the creation, deletion, or modification of data.

CPENameOperatorVersion
openjdk11:3.17eq11.0.18_p10-r0
openjdk11:3.17eq11.0.17_p8-r3
openjdk11:3.17eq11.0.21_p9-r0
openjdk11:3.17eq11.0.19_p7-r0
openjdk11:3.17eq11.0.20_p8-r0
openjdk11:3.18eq11.0.19_p7-r0
openjdk11:3.18eq11.0.21_p9-r0
openjdk11:3.18eq11.0.19_p7-r1
openjdk11:3.18eq11.0.20_p8-r0
openjdk17:3.18eq17.0.7_p7-r0

Name	Operator	Version
openjdk11:3.17	eq	11.0.18_p10-r0
openjdk11:3.17	eq	11.0.17_p8-r3
openjdk11:3.17	eq	11.0.21_p9-r0
openjdk11:3.17	eq	11.0.19_p7-r0
openjdk11:3.17	eq	11.0.20_p8-r0
openjdk11:3.18	eq	11.0.19_p7-r0
openjdk11:3.18	eq	11.0.21_p9-r0
openjdk11:3.18	eq	11.0.19_p7-r1
openjdk11:3.18	eq	11.0.20_p8-r0
openjdk17:3.18	eq	17.0.7_p7-r0