CVE-2024-21217

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 15, 2024

Summary

CVE-2024-21217 is a vulnerability in the Serialization component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Supported affected versions are Oracle Java SE 8u421, 11.0.24, 17.0.12, and 21.0.4; Oracle GraalVM for JDK 17.0.12 and higher; and Oracle GraalVM Enterprise Edition 20.3.15 and 21.3.11. An unauthenticated attacker with network access can potentially cause a partial denial of service (DoS) through the APIs of the affected component, typically when a web service passes untrusted data to those APIs. Remediation measures are not specified in the available information; the usual remediation is to apply the security patches or updates provided by the vendor. The base severity is low (CVSS 3.7), but the issue is exploitable over the network without user interaction or privileges, with a low availability impact on successful exploitation.

