CVE-2024-21147
CVSS 3.1 Score 7.4 of 10 (high)
Details
Summary
CVE-2024-21147 is a vulnerability affecting various versions of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u411, 11.0.23, 17.0.11, 21.0.3, and 22.0.1, as well as Oracle GraalVM for JDK and Enterprise Edition with versions 17.0.11, 21.0.3, and 20.3.14, respectively. This issue, classified as difficult to exploit, enables unauthenticated attackers with network access to compromise these products, resulting in unauthorized access to critical data or complete access to all accessible data. The vulnerability can be exploited through APIs in the HotSpot component and applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. The CVSS Base Score is 7.4, reflecting Confidentiality and Integrity impacts.