CVE-2024-20919

Summary

CVE-2024-20919 is a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The affected versions include Oracle Java SE 8u391, 11.0.21, 17.0.9, and 21.0.1; Oracle GraalVM for JDK 17.0.9 and 21.0.1; and Oracle GraalVM Enterprise Edition 20.3.12, 21.3.8, and 22.3.4. This vulnerability can be exploited by an unauthenticated attacker with network access through multiple protocols to compromise the affected products and gain unauthorized access to critical or all accessible data within them. The successful exploitation of this vulnerability could result in the creation, deletion, or modification of data without authorization. It should be noted that exploiting this vulnerability requires supplying data to APIs in the specified component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. Note: The text provided does not contain information on how to remediate the vulnerability or the potential danger it poses to an organization beyond unauthorized access to critical data or all accessible data within the affected products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.