CVSS 3.1 Score 5.9 of 10 (medium)


Published Feb 17, 2024
Updated: Feb 20, 2024


CVE-2024-20919 is a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The affected versions include Oracle Java SE 8u391, 11.0.21, 17.0.9, and 21.0.1; Oracle GraalVM for JDK 17.0.9 and 21.0.1; and Oracle GraalVM Enterprise Edition 20.3.12, 21.3.8, and 22.3.4. This vulnerability can be exploited by an unauthenticated attacker with network access through multiple protocols to compromise the affected products and gain unauthorized access to critical or all accessible data within them. The successful exploitation of this vulnerability could result in the creation, deletion, or modification of data without authorization. It should be noted that exploiting this vulnerability requires supplying data to APIs in the specified component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. Note: The text provided does not contain information on how to remediate the vulnerability or the potential danger it poses to an organization beyond unauthorized access to critical data or all accessible data within the affected products.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-20919 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options