CVE-2024-21147

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Jul 16, 2024
Updated: Aug 13, 2024
CWE ID 200

Summary

CVE-2024-21147 is a vulnerability affecting various versions of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u411, 11.0.23, 17.0.11, 21.0.3, and 22.0.1, as well as Oracle GraalVM for JDK and Enterprise Edition with versions 17.0.11, 21.0.3, and 20.3.14, respectively. The issue is classified as difficult to exploit. It enables unauthenticated attackers with network access to compromise these products, resulting in unauthorized access to critical data or complete access to all accessible data. The vulnerability can be exploited through APIs in the HotSpot component, and it applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. The CVSS base score is 7.4, reflecting Confidentiality and Integrity impacts.
