Vulnerabilites related to oracle - graalvm_for_jdk
CVE-2023-22025 (GCVE-0-2023-22025)
Vulnerability from cvelistv5
Published
2023-10-17 21:02
Modified
2024-09-13 16:36
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u381-perf Version: Oracle Java SE:17.0.8 Version: Oracle Java SE:21 Version: Oracle GraalVM for JDK:17.0.8 Version: Oracle GraalVM for JDK:21 Version: Oracle GraalVM Enterprise Edition:21.3.7 Version: Oracle GraalVM Enterprise Edition:22.3.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5548", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22025", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:28:29.558794Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:36:38.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u381-perf", }, { status: "affected", version: "Oracle Java SE:17.0.8", }, { status: "affected", version: "Oracle Java SE:21", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.8", }, { status: "affected", version: "Oracle GraalVM for JDK:21", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.7", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.3", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-08T04:14:29.313Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5548", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22025", datePublished: "2023-10-17T21:02:47.615Z", dateReserved: "2022-12-17T19:26:00.752Z", dateUpdated: "2024-09-13T16:36:38.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22036 (GCVE-0-2023-22036)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:11.0.19", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.10", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T10:06:31.451Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, { url: "https://www.debian.org/security/2023/dsa-5478", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22036", datePublished: "2023-07-18T20:18:20.850Z", dateReserved: "2022-12-17T19:26:00.753Z", dateUpdated: "2025-02-13T16:43:28.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22091 (GCVE-0-2023-22091)
Vulnerability from cvelistv5
Published
2023-10-17 21:03
Modified
2024-09-13 16:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | GraalVM Enterprise Edition |
Version: Oracle GraalVM for JDK:17.0.8 Version: Oracle GraalVM for JDK:21 Version: Oracle GraalVM Enterprise Edition:20.3.11 Version: Oracle GraalVM Enterprise Edition:21.3.7 Version: Oracle GraalVM Enterprise Edition:22.3.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22091", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:06:19.488294Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:06:37.710Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "GraalVM Enterprise Edition", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle GraalVM for JDK:17.0.8", }, { status: "affected", version: "Oracle GraalVM for JDK:21", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.11", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.7", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.3", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-08T04:14:28.941Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22091", datePublished: "2023-10-17T21:03:01.149Z", dateReserved: "2022-12-17T19:26:00.760Z", dateUpdated: "2024-09-13T16:06:37.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22051 (GCVE-0-2023-22051)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2024-09-13 16:41
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | GraalVM Enterprise Edition |
Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22051", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:28:55.452209Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:41:50.038Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "GraalVM Enterprise Edition", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T20:18:33.486Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22051", datePublished: "2023-07-18T20:18:33.486Z", dateReserved: "2022-12-17T19:26:00.756Z", dateUpdated: "2024-09-13T16:41:50.038Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21217 (GCVE-0-2024-21217)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2025-03-13 13:55
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21217", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T13:44:31.294836Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T13:55:34.558Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", ], product: "Oracle Java SE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u421", }, { status: "affected", version: "Oracle Java SE:8u421-perf", }, { status: "affected", version: "Oracle Java SE:11.0.24", }, { status: "affected", version: "Oracle Java SE:17.0.12", }, { status: "affected", version: "Oracle Java SE:21.0.4", }, { status: "affected", version: "Oracle Java SE:23", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.12", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.4", }, { status: "affected", version: "Oracle GraalVM for JDK:23", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.15", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.11", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T19:52:43.814Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21217", datePublished: "2024-10-15T19:52:43.814Z", dateReserved: "2023-12-07T22:28:10.691Z", dateUpdated: "2025-03-13T13:55:34.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20932 (GCVE-0-2024-20932)
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:17.0.9 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-20932", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T15:51:25.131686Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T15:52:16.674Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:49.517Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20932", datePublished: "2024-01-16T21:41:17.380Z", dateReserved: "2023-12-07T22:28:10.622Z", dateUpdated: "2025-02-13T17:32:42.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21138 (GCVE-0-2024-21138)
Vulnerability from cvelistv5
Published
2024-07-16 22:39
Modified
2025-03-13 17:09
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u411 Version: Oracle Java SE:8u411-perf Version: Oracle Java SE:11.0.23 Version: Oracle Java SE:17.0.11 Version: Oracle Java SE:21.0.3 Version: Oracle Java SE:22.0.1 Version: Oracle GraalVM for JDK:17.0.11 Version: Oracle GraalVM for JDK:21.0.3 Version: Oracle GraalVM for JDK:22.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.14 Version: Oracle GraalVM Enterprise Edition:21.3.10 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21138", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-17T13:32:40.581780Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T17:09:26.823Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u411", }, { status: "affected", version: "Oracle Java SE:8u411-perf", }, { status: "affected", version: "Oracle Java SE:11.0.23", }, { status: "affected", version: "Oracle Java SE:17.0.11", }, { status: "affected", version: "Oracle Java SE:21.0.3", }, { status: "affected", version: "Oracle Java SE:22.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.11", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.3", }, { status: "affected", version: "Oracle GraalVM for JDK:22.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.14", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.10", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T13:06:11.463Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21138", datePublished: "2024-07-16T22:39:56.205Z", dateReserved: "2023-12-07T22:28:10.682Z", dateUpdated: "2025-03-13T17:09:26.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21098 (GCVE-0-2024-21098)
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-15 19:11
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | GraalVM |
Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21098", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-15T19:21:01.904883Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T19:11:30.338Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.661Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", ], product: "GraalVM", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle GraalVM for JDK:17.0.10", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.2", }, { status: "affected", version: "Oracle GraalVM for JDK:22", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.13", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.9", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T21:26:31.636Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21098", datePublished: "2024-04-16T21:26:31.636Z", dateReserved: "2023-12-07T22:28:10.675Z", dateUpdated: "2024-11-15T19:11:30.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22006 (GCVE-0-2023-22006)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:11.0.19", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.10", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T10:06:18.688Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, { url: "https://www.debian.org/security/2023/dsa-5478", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22006", datePublished: "2023-07-18T20:18:06.679Z", dateReserved: "2022-12-17T19:26:00.745Z", dateUpdated: "2025-02-13T16:43:22.742Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22044 (GCVE-0-2023-22044)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:29:00.942800Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:43:40.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u371-perf", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-26T03:06:16.807Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22044", datePublished: "2023-07-18T20:18:28.006Z", dateReserved: "2022-12-17T19:26:00.754Z", dateUpdated: "2025-02-13T16:43:30.316Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22049 (GCVE-0-2023-22049)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u371 Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u371", }, { status: "affected", version: "Oracle Java SE:8u371-perf", }, { status: "affected", version: "Oracle Java SE:11.0.19", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.10", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:14.476Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, { url: "https://www.debian.org/security/2023/dsa-5478", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22049", datePublished: "2023-07-18T20:18:32.121Z", dateReserved: "2022-12-17T19:26:00.755Z", dateUpdated: "2025-02-13T16:43:32.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20952 (GCVE-0-2024-20952)
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-20952", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-25T05:01:04.858571Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T15:29:52.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle Java SE:21.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:51.113Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20952", datePublished: "2024-01-16T21:41:20.593Z", dateReserved: "2023-12-07T22:28:10.627Z", dateUpdated: "2025-02-13T17:32:42.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21068 (GCVE-0-2024-21068)
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21068", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T19:30:18.174295Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T21:22:59.909Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.375Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", ], product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u401-perf", }, { status: "affected", version: "Oracle Java SE:11.0.22", }, { status: "affected", version: "Oracle Java SE:17.0.10", }, { status: "affected", version: "Oracle Java SE:21.0.2", }, { status: "affected", version: "Oracle Java SE:22", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.10", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.2", }, { status: "affected", version: "Oracle GraalVM for JDK:22", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.9", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-26T09:06:54.445Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21068", datePublished: "2024-04-16T21:26:21.424Z", dateReserved: "2023-12-07T22:28:10.665Z", dateUpdated: "2025-02-13T17:33:06.235Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21131 (GCVE-0-2024-21131)
Vulnerability from cvelistv5
Published
2024-07-16 22:39
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u411 Version: Oracle Java SE:8u411-perf Version: Oracle Java SE:11.0.23 Version: Oracle Java SE:17.0.11 Version: Oracle Java SE:21.0.3 Version: Oracle Java SE:22.0.1 Version: Oracle GraalVM for JDK:17.0.11 Version: Oracle GraalVM for JDK:21.0.3 Version: Oracle GraalVM for JDK:22.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.14 Version: Oracle GraalVM Enterprise Edition:21.3.10 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-17T13:34:16.932375Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-07T17:07:59.694Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u411", }, { status: "affected", version: "Oracle Java SE:8u411-perf", }, { status: "affected", version: "Oracle Java SE:11.0.23", }, { status: "affected", version: "Oracle Java SE:17.0.11", }, { status: "affected", version: "Oracle Java SE:21.0.3", }, { status: "affected", version: "Oracle Java SE:22.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.11", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.3", }, { status: "affected", version: "Oracle GraalVM for JDK:22.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.14", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.10", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T13:06:06.593Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21131", datePublished: "2024-07-16T22:39:53.849Z", dateReserved: "2023-12-07T22:28:10.682Z", dateUpdated: "2025-02-13T17:33:11.353Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20926 (GCVE-0-2024-20926)
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:47.505Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20926", datePublished: "2024-01-16T21:41:16.336Z", dateReserved: "2023-12-07T22:28:10.621Z", dateUpdated: "2025-02-13T17:32:41.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20954 (GCVE-0-2024-20954)
Vulnerability from cvelistv5
Published
2024-04-16 21:25
Modified
2024-11-25 20:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | GraalVM |
Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20954", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-30T16:00:30.365525Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-25T20:33:05.209Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", ], product: "GraalVM", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle GraalVM for JDK:17.0.10", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.2", }, { status: "affected", version: "Oracle GraalVM for JDK:22", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.13", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.9", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-16T21:25:05.152Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20954", datePublished: "2024-04-16T21:25:05.152Z", dateReserved: "2023-12-07T22:28:10.627Z", dateUpdated: "2024-11-25T20:33:05.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20919 (GCVE-0-2024-20919)
Vulnerability from cvelistv5
Published
2024-02-17 01:50
Modified
2024-11-01 20:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20919", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T16:45:00.612153Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T20:06:07.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle Java SE:21.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-17T01:50:10.320Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20919", datePublished: "2024-02-17T01:50:10.320Z", dateReserved: "2023-12-07T22:28:10.619Z", dateUpdated: "2024-11-01T20:06:07.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22045 (GCVE-0-2023-22045)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u371 Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u371", }, { status: "affected", version: "Oracle Java SE:8u371-perf", }, { status: "affected", version: "Oracle Java SE:11.0.19", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.10", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T10:06:25.832Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, { url: "https://www.debian.org/security/2023/dsa-5478", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22045", datePublished: "2023-07-18T20:18:28.991Z", dateReserved: "2022-12-17T19:26:00.754Z", dateUpdated: "2025-02-13T16:43:30.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20955 (GCVE-0-2024-20955)
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2024-10-22 15:42
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | GraalVM Enterprise Edition |
Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-20955", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-17T16:45:19.941394Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T15:42:08.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "GraalVM Enterprise Edition", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-26T21:59:54.860Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20955", datePublished: "2024-01-16T21:41:20.952Z", dateReserved: "2023-12-07T22:28:10.627Z", dateUpdated: "2024-10-22T15:42:08.714Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22081 (GCVE-0-2023-22081)
Vulnerability from cvelistv5
Published
2023-10-17 21:02
Modified
2024-08-02 09:59
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u381 Version: Oracle Java SE:8u381-perf Version: Oracle Java SE:11.0.20 Version: Oracle Java SE:17.0.8 Version: Oracle Java SE:21 Version: Oracle GraalVM for JDK:17.0.8 Version: Oracle GraalVM for JDK:21 Version: Oracle GraalVM Enterprise Edition:20.3.11 Version: Oracle GraalVM Enterprise Edition:21.3.7 Version: Oracle GraalVM Enterprise Edition:22.3.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:29.109Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5537", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5548", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u381", }, { status: "affected", version: "Oracle Java SE:8u381-perf", }, { status: "affected", version: "Oracle Java SE:11.0.20", }, { status: "affected", version: "Oracle Java SE:17.0.8", }, { status: "affected", version: "Oracle Java SE:21", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.8", }, { status: "affected", version: "Oracle GraalVM for JDK:21", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.11", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.7", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.3", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-08T04:14:14.116Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5537", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html", }, { url: "https://www.debian.org/security/2023/dsa-5548", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22081", datePublished: "2023-10-17T21:02:56.346Z", dateReserved: "2022-12-17T19:26:00.759Z", dateUpdated: "2024-08-02T09:59:29.109Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21145 (GCVE-0-2024-21145)
Vulnerability from cvelistv5
Published
2024-07-16 22:39
Modified
2025-03-13 14:00
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u411 Version: Oracle Java SE:8u411-perf Version: Oracle Java SE:11.0.23 Version: Oracle Java SE:17.0.11 Version: Oracle Java SE:21.0.3 Version: Oracle Java SE:22.0.1 Version: Oracle GraalVM for JDK:17.0.11 Version: Oracle GraalVM for JDK:21.0.3 Version: Oracle GraalVM for JDK:22.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.14 Version: Oracle GraalVM Enterprise Edition:21.3.10 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-21145", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-17T13:58:12.588215Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T14:00:55.465Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.684Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u411", }, { status: "affected", version: "Oracle Java SE:8u411-perf", }, { status: "affected", version: "Oracle Java SE:11.0.23", }, { status: "affected", version: "Oracle Java SE:17.0.11", }, { status: "affected", version: "Oracle Java SE:21.0.3", }, { status: "affected", version: "Oracle Java SE:22.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.11", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.3", }, { status: "affected", version: "Oracle GraalVM for JDK:22.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.14", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.10", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T13:06:08.196Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21145", datePublished: "2024-07-16T22:39:58.658Z", dateReserved: "2023-12-07T22:28:10.683Z", dateUpdated: "2025-03-13T14:00:55.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22041 (GCVE-0-2023-22041)
Vulnerability from cvelistv5
Published
2023-07-18 20:18
Modified
2025-02-13 16:43
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:59:28.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u371-perf", }, { status: "affected", version: "Oracle Java SE:11.0.19", }, { status: "affected", version: "Oracle Java SE:17.0.7", }, { status: "affected", version: "Oracle Java SE:20.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.10", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.2", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.7", }, { status: "affected", version: "Oracle GraalVM for JDK:20.0.1", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T10:06:13.488Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { url: "https://www.debian.org/security/2023/dsa-5458", }, { url: "https://www.debian.org/security/2023/dsa-5478", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2023-22041", datePublished: "2023-07-18T20:18:24.914Z", dateReserved: "2022-12-17T19:26:00.754Z", dateUpdated: "2025-02-13T16:43:29.220Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-21235 (GCVE-0-2024-21235)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2025-03-25 17:00
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u421 Version: Oracle Java SE:8u421-perf Version: Oracle Java SE:11.0.24 Version: Oracle Java SE:17.0.12 Version: Oracle Java SE:21.0.4 Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21235", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-16T14:30:43.618436Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T17:00:08.660Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", ], product: "Oracle Java SE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u421", }, { status: "affected", version: "Oracle Java SE:8u421-perf", }, { status: "affected", version: "Oracle Java SE:11.0.24", }, { status: "affected", version: "Oracle Java SE:17.0.12", }, { status: "affected", version: "Oracle Java SE:21.0.4", }, { status: "affected", version: "Oracle Java SE:23", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.12", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.4", }, { status: "affected", version: "Oracle GraalVM for JDK:23", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.15", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.11", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T19:52:46.900Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-21235", datePublished: "2024-10-15T19:52:46.900Z", dateReserved: "2023-12-07T22:28:10.698Z", dateUpdated: "2025-03-25T17:00:08.660Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-20918 (GCVE-0-2024-20918)
Vulnerability from cvelistv5
Published
2024-01-16 21:41
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:06:37.342Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:8u391", }, { status: "affected", version: "Oracle Java SE:8u391-perf", }, { status: "affected", version: "Oracle Java SE:11.0.21", }, { status: "affected", version: "Oracle Java SE:17.0.9", }, { status: "affected", version: "Oracle Java SE:21.0.1", }, { status: "affected", version: "Oracle GraalVM for JDK:17.0.9", }, { status: "affected", version: "Oracle GraalVM for JDK:21.0.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.12", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.8", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.3.4", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-01T17:06:45.864Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2024-20918", datePublished: "2024-01-16T21:41:14.954Z", dateReserved: "2023-12-07T22:28:10.619Z", dateUpdated: "2025-02-13T17:32:40.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-04-16 22:15
Modified
2024-12-06 14:35
Severity ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.13 | |
| oracle | graalvm | 21.3.9 | |
| oracle | graalvm_for_jdk | 17.0.10 | |
| oracle | graalvm_for_jdk | 21.0.2 | |
| oracle | graalvm_for_jdk | 22 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", matchCriteriaId: "00EDC8FF-13F2-4218-9EF4-B509364AE7B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", matchCriteriaId: "938A32D1-FBAB-42AE-87A7-AB19402B561A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", matchCriteriaId: "880BE1FE-FBFF-4CC1-B0D1-BAF025F58D4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "27876EF0-E7C0-4B3E-8C8B-009736D1F57C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", matchCriteriaId: "EAD84F79-1DAE-4943-8167-861144067B4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en Oracle GraalVM para JDK, producto Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 y 21.3.9. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Puntuación base 3.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2024-21098", lastModified: "2024-12-06T14:35:46.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-04-16T22:15:30.550", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 22:15
Modified
2024-12-06 19:22
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html | Mailing List, Third Party Advisory | |
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20240426-0004/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2024.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240426-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.9 | |
| oracle | graalvm_for_jdk | 17.0.10 | |
| oracle | graalvm_for_jdk | 21.0.2 | |
| oracle | graalvm_for_jdk | 22 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.22 | |
| oracle | jdk | 17.0.10 | |
| oracle | jdk | 21.0.2 | |
| oracle | jdk | 22.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.22 | |
| oracle | jre | 17.0.10 | |
| oracle | jre | 21.0.2 | |
| oracle | jre | 22 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | data_infrastructure_insights_acquisition_unit | - | |
| netapp | data_infrastructure_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", matchCriteriaId: "938A32D1-FBAB-42AE-87A7-AB19402B561A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", matchCriteriaId: "880BE1FE-FBFF-4CC1-B0D1-BAF025F58D4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "27876EF0-E7C0-4B3E-8C8B-009736D1F57C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", matchCriteriaId: "EAD84F79-1DAE-4943-8167-861144067B4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "7E749FF6-64BC-4396-9E47-1879592E1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.22:*:*:*:*:*:*:*", matchCriteriaId: "C75B6911-F927-4E92-B921-035FA813B211", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.10:*:*:*:*:*:*:*", matchCriteriaId: "F61BF03B-43C2-41FB-BBA2-B2A667AC4236", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "773190A6-9504-4BE1-9704-2909DEC25982", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3AD2D0EA-694D-4629-A1F7-244C9B154248", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "27909A41-F6F0-4D93-9238-3001C9872140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.22:*:*:*:*:*:*:*", matchCriteriaId: "FB0D5357-5C3F-412D-8E12-F88745002AFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.10:*:*:*:*:*:*:*", matchCriteriaId: "FD3EDF97-C685-42DD-8279-990332453722", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7A4D9F78-4BEF-49B1-9C66-EBDE40FF9298", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:22:*:*:*:*:*:*:*", matchCriteriaId: "25FED706-84D7-4C1A-8204-7F1277F39B67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_infrastructure_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "51A99795-12EA-4C3F-A3F7-DED89BF6EED3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "EB7A9455-165A-42CE-B5D1-648AACB2ED05", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM para JDK: 17.0.10, 21.0.2 y 22; Edición empresarial de Oracle GraalVM: 21.3.9. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2024-21068", lastModified: "2024-12-06T19:22:57.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-04-16T22:15:25.307", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2024-11-21 08:53
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | jdk | 17.0.9 | |
| oracle | jre | 17.0.9 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 17.0.9; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 y 22.3.4. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], id: "CVE-2024-20932", lastModified: "2024-11-21T08:53:27.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-01-16T22:15:40.763", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.10 | |
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 | |
| oracle | jdk | 11.0.19 | |
| oracle | jdk | 17.0.7 | |
| oracle | jdk | 20.0.1 | |
| oracle | jre | 11.0.19 | |
| oracle | jre | 17.0.7 | |
| oracle | jre | 20.0.1 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2023-22036", lastModified: "2024-11-21T07:44:08.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:13.587", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 22:15
Modified
2024-12-06 19:38
Severity ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.13 | |
| oracle | graalvm | 21.3.9 | |
| oracle | graalvm_for_jdk | 17.0.10 | |
| oracle | graalvm_for_jdk | 21.0.2 | |
| oracle | graalvm_for_jdk | 22 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", matchCriteriaId: "00EDC8FF-13F2-4218-9EF4-B509364AE7B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", matchCriteriaId: "938A32D1-FBAB-42AE-87A7-AB19402B561A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", matchCriteriaId: "880BE1FE-FBFF-4CC1-B0D1-BAF025F58D4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "27876EF0-E7C0-4B3E-8C8B-009736D1F57C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", matchCriteriaId: "EAD84F79-1DAE-4943-8167-861144067B4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en Oracle GraalVM para JDK, producto Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 y 21.3.9. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Puntaje base 3.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2024-20954", lastModified: "2024-12-06T19:38:00.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-04-16T22:15:11.570", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-16 23:15
Modified
2024-12-05 22:02
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.14 | |
| oracle | graalvm | 21.3.10 | |
| oracle | graalvm_for_jdk | 17.0.11 | |
| oracle | graalvm_for_jdk | 21.0.3 | |
| oracle | graalvm_for_jdk | 22.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.23 | |
| oracle | jdk | 17.0.11 | |
| oracle | jdk | 21.0.3 | |
| oracle | jdk | 22.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.23 | |
| oracle | jre | 17.0.11 | |
| oracle | jre | 21.0.3 | |
| oracle | jre | 22.0.1 | |
| netapp | active_iq_unified_manager | - | |
| netapp | bluexp | - | |
| netapp | data_infrastructure_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*", matchCriteriaId: "AA5074F2-F35B-499E-A181-E272449B044D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "39F28D35-48E1-450D-884A-D2578C99E8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "E104024C-15B5-4EFB-A26B-C69D303933CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CAEB1A60-678D-4BAF-9D95-43C9DCFC8D68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AD14A144-2CA9-498E-84B9-87733E33C602", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:*:*:*:*", matchCriteriaId: "20DFA1BB-BA28-4CCA-835E-D09D469170FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "54DCB9FD-A3FB-4901-A13F-9064921C77C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "21F9B73E-696B-4F6B-A019-83A68179E422", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "C52598F8-1859-4007-ABEE-03A463482F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "62AE87F9-A4B3-4163-9A19-3E606CF72720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3AD2D0EA-694D-4629-A1F7-244C9B154248", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:*:*:*:*", matchCriteriaId: "C5F6C67C-C4FF-44F1-BF6D-EE1E4D0D9E61", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F70BAD0D-1601-4C61-B6B2-1A1DBB48B067", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "49A5200E-E144-4C02-BAAB-8EAF734EEC5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "47E6B664-D2ED-425F-B27B-3E57278B1C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "06104137-B672-4AB8-AEB4-5AEE95D978FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F92B7DB4-7E5C-4961-8BB3-D3DF4A833E79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "EB7A9455-165A-42CE-B5D1-648AACB2ED05", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM para JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 y 21.3.10. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos a esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2024-21131", lastModified: "2024-12-05T22:02:52.553", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-07-16T23:15:13.210", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.10 | |
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.19 | |
| oracle | jdk | 17.0.7 | |
| oracle | jdk | 20.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.19 | |
| oracle | jre | 17.0.7 | |
| oracle | jre | 20.0.1 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], id: "CVE-2023-22041", lastModified: "2024-11-21T07:44:09.610", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2023-07-18T21:15:13.963", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-16 23:15
Modified
2024-12-05 22:05
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | active_iq_unified_manager | - | |
| netapp | bluexp | - | |
| netapp | data_infrastructure_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| oracle | graalvm | 20.3.14 | |
| oracle | graalvm | 21.3.10 | |
| oracle | graalvm_for_jdk | 17.0.11 | |
| oracle | graalvm_for_jdk | 21.0.3 | |
| oracle | graalvm_for_jdk | 22.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.23 | |
| oracle | jdk | 17.0.11 | |
| oracle | jdk | 21.0.3 | |
| oracle | jdk | 22.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.23 | |
| oracle | jre | 17.0.11 | |
| oracle | jre | 21.0.3 | |
| oracle | jre | 22.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "EB7A9455-165A-42CE-B5D1-648AACB2ED05", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*", matchCriteriaId: "AA5074F2-F35B-499E-A181-E272449B044D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "39F28D35-48E1-450D-884A-D2578C99E8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "E104024C-15B5-4EFB-A26B-C69D303933CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CAEB1A60-678D-4BAF-9D95-43C9DCFC8D68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AD14A144-2CA9-498E-84B9-87733E33C602", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:*:*:*:*", matchCriteriaId: "20DFA1BB-BA28-4CCA-835E-D09D469170FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "54DCB9FD-A3FB-4901-A13F-9064921C77C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "21F9B73E-696B-4F6B-A019-83A68179E422", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "C52598F8-1859-4007-ABEE-03A463482F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "62AE87F9-A4B3-4163-9A19-3E606CF72720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3AD2D0EA-694D-4629-A1F7-244C9B154248", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:*:*:*:*", matchCriteriaId: "C5F6C67C-C4FF-44F1-BF6D-EE1E4D0D9E61", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F70BAD0D-1601-4C61-B6B2-1A1DBB48B067", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "49A5200E-E144-4C02-BAAB-8EAF734EEC5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "47E6B664-D2ED-425F-B27B-3E57278B1C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "06104137-B672-4AB8-AEB4-5AEE95D978FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F92B7DB4-7E5C-4961-8BB3-D3DF4A833E79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM para JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 y 21.3.10. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntuación base 3.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2024-21138", lastModified: "2024-12-05T22:05:55.937", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-07-16T23:15:14.620", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2025-03-26 15:03
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "BE2E2756-6ECC-4205-BED6-1A7DAB6D1C45", versionEndExcluding: "11.0.24", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "1BD9DA0F-9664-4C81-882F-68DBBC323F5E", versionEndExcluding: "17.0.10", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "231952D6-6C9A-4C31-A338-1AA8C3D4F433", versionEndExcluding: "21.0.2", versionStartIncluding: "21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*", matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*", matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*", matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update372:*:*:*:*:*:*", matchCriteriaId: "DC62A8BB-6230-4D5A-B91C-DD1B222F9E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update382:*:*:*:*:*:*", matchCriteriaId: "333F58FD-5F4F-4F11-B1F8-8815C99AC61A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update392:*:*:*:*:*:*", matchCriteriaId: "1CB4456E-18B0-4C5B-822E-2BFE7DE019D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b00:*:*:*:*:*:*", matchCriteriaId: "3FCE7DD4-EF50-4F46-B5E1-F5F0B31C2A69", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b01:*:*:*:*:*:*", matchCriteriaId: "60538D83-D9A2-4A8E-ADCA-25ACDE789D11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b02:*:*:*:*:*:*", matchCriteriaId: "823D1593-CCB9-4172-85FE-3F7EC57E966A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b03:*:*:*:*:*:*", matchCriteriaId: "3723D31F-21F3-4040-A59D-6F4FE4D38033", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b04:*:*:*:*:*:*", matchCriteriaId: "60C2BD46-0BF0-4960-9070-41EF8BD86606", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b05:*:*:*:*:*:*", matchCriteriaId: "4B43831A-21CF-4A2D-AF1E-C909954E4713", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*", matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, así como acceso no autorizado a datos críticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], id: "CVE-2024-20952", lastModified: "2025-03-26T15:03:47.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-01-16T22:15:42.477", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2024-11-21 08:53
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.12 | |
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | graalvm_for_jdk | 21.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.21 | |
| oracle | jdk | 17.0.9 | |
| oracle | jdk | 21.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.21 | |
| oracle | jre | 17.0.9 | |
| oracle | jre | 21.0.1 | |
| debian | debian_linux | 10.0 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*", matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, así como acceso no autorizado a datos críticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", }, ], id: "CVE-2024-20918", lastModified: "2024-11-21T08:53:25.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-01-16T22:15:39.510", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 22:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm_for_jdk | 17.0.8 | |
| oracle | graalvm_for_jdk | 21 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.2 | |
| oracle | jdk | 17.0.8 | |
| oracle | jdk | 21.0.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.2 | |
| oracle | jre | 17.0.8 | |
| oracle | jre | 21.0.0 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D5A01042-97E8-483B-BBE2-C9A968423FCD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*", matchCriteriaId: "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:-:*:*:*", matchCriteriaId: "2950AC81-A9E7-4CC8-A20D-10AEAAD672D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "1280B8AA-B341-42DC-BA23-4DD970970570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "40C0CB6C-5A35-45E8-A481-F437360F6B7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89511E56-D9E1-46D2-A591-EEC11A4194B2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:-:*:*:*", matchCriteriaId: "9B5F1CAA-26EA-4558-BA69-51D0EB0726DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "54EEB032-9164-49FB-97CB-728A64C43495", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A824CA38-74B2-43FC-9C72-6CE37B97D59F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "25D40D36-9C91-49AB-9120-97A867715E20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5B331904-AF1B-4C47-A664-A257CB16DDEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTPS comprometer Oracle Java SE y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una Denegación de Servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntuación base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2023-22081", lastModified: "2024-11-21T07:44:14.347", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-10-17T22:15:13.573", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5537", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5548", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5537", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5548", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 22:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm_for_jdk | 17.0.8 | |
| oracle | graalvm_for_jdk | 21 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D5A01042-97E8-483B-BBE2-C9A968423FCD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*", matchCriteriaId: "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle GraalVM para JDK de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserción o eliminación de algunos de los datos accesibles de Oracle GraalVM para JDK, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM para JDK. CVSS 3.1 Puntaje base 4.8 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2023-22091", lastModified: "2024-11-21T07:44:15.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-10-17T22:15:14.297", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-15 20:15
Modified
2025-03-13 14:15
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.15 | |
| oracle | graalvm | 21.3.11 | |
| oracle | graalvm_for_jdk | 17.0.12 | |
| oracle | graalvm_for_jdk | 21.0.4 | |
| oracle | graalvm_for_jdk | 23 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.24 | |
| oracle | jdk | 17.0.12 | |
| oracle | jdk | 21.0.4 | |
| oracle | jdk | 23 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.24 | |
| oracle | jre | 17.0.12 | |
| oracle | jre | 21.0.4 | |
| oracle | jre | 23 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", matchCriteriaId: "93A899CF-69C5-46A3-BE20-E9F128FB079E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", matchCriteriaId: "44A007AC-88D1-4F18-B1AD-C69600AD643C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "DDDE5C6D-036C-42FC-BD31-366175914F3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4162209C-031A-4AD9-9F19-445236332DA3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", matchCriteriaId: "0DD0AB0E-208D-4856-9F31-3A4BB5213FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:-:*:*:*", matchCriteriaId: "9C681771-C202-4A4A-A357-A18286023C71", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "EBBF3C52-6ACD-45F4-9245-719AC2A96473", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.24:*:*:*:*:*:*:*", matchCriteriaId: "199C19B3-D4FC-4925-A249-9889242B7452", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "B0161CF7-985D-4832-B2DC-90CC1F9CB1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "21DC98DB-A180-4E74-9049-427B60AA574A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*", matchCriteriaId: "9137A4EB-820C-4F05-983A-5534CFB0E019", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:-:*:*:*", matchCriteriaId: "C3128079-D0DB-4708-B3C9-74B6A7CCAB98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "BDA0765B-413B-4FFF-BC00-94C84FE4BFBD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.24:*:*:*:*:*:*:*", matchCriteriaId: "0FE84109-8702-41A7-B18A-C399737EBF27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "9EB0A022-55BA-4968-A7CE-619BF1389981", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "29F12FD7-FB8A-4420-83D2-6C94A787A841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*", matchCriteriaId: "5792796D-D244-4382-8DE2-30359F5CD9CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Serialization). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, difícil de explotar, permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar una denegación de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de las API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java en entornos aislados, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuación base de CVSS 3.1: 3,7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], id: "CVE-2024-21217", lastModified: "2025-03-13T14:15:21.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-10-15T20:15:11.197", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 22:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20231027-0006/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.debian.org/security/2023/dsa-5548 | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231027-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5548 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm_for_jdk | 17.0.8 | |
| oracle | graalvm_for_jdk | 21 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 17.0.8 | |
| oracle | jdk | 21.0.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 17.0.8 | |
| oracle | jre | 21.0.0 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D5A01042-97E8-483B-BBE2-C9A968423FCD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*", matchCriteriaId: "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "1280B8AA-B341-42DC-BA23-4DD970970570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "89511E56-D9E1-46D2-A591-EEC11A4194B2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "54EEB032-9164-49FB-97CB-728A64C43495", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*", matchCriteriaId: "25D40D36-9C91-49AB-9120-97A867715E20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5B331904-AF1B-4C47-A664-A257CB16DDEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM para JDK de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2023-22025", lastModified: "2024-11-21T07:44:07.720", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-10-17T22:15:11.837", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5548", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231027-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5548", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| oracle | graalvm | 20.3.10 | |
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.19 | |
| oracle | jdk | 17.0.7 | |
| oracle | jdk | 20.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.19 | |
| oracle | jre | 17.0.7 | |
| oracle | jre | 20.0.1 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:-:*:*:*", matchCriteriaId: "5D736709-DA37-4A09-B0E9-ABE12512DD6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:-:*:*:*", matchCriteriaId: "12264955-3C82-413F-B814-C5538470DE13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2023-22049", lastModified: "2024-11-21T07:44:10.630", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:14.567", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-17 02:15
Modified
2024-12-09 16:42
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.12 | |
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | graalvm_for_jdk | 21.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.21 | |
| oracle | jdk | 17.0.9 | |
| oracle | jdk | 21.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.21 | |
| oracle | jre | 17.0.9 | |
| oracle | jre | 21.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*", matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad solo se puede aprovechar proporcionando datos a las API en el componente especificado sin utilizar aplicaciones Java Web Start que no son de confianza o subprogramas de Java que no son de confianza, como a través de un servicio web. CVSS 3.1 Puntaje base 5.9 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], id: "CVE-2024-20919", lastModified: "2024-12-09T16:42:40.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-02-17T02:15:46.770", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-16 23:15
Modified
2025-03-13 14:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.14 | |
| oracle | graalvm | 21.3.10 | |
| oracle | graalvm | 22.0.1 | |
| oracle | graalvm_for_jdk | 17.0.11 | |
| oracle | graalvm_for_jdk | 21.0.3 | |
| oracle | graalvm_for_jdk | 22.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.23 | |
| oracle | jdk | 17.0.11 | |
| oracle | jdk | 21.0.3 | |
| oracle | jdk | 22.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.23 | |
| oracle | jre | 17.0.11 | |
| oracle | jre | 21.0.3 | |
| oracle | jre | 22.0.1 | |
| netapp | bluexp | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*", matchCriteriaId: "AA5074F2-F35B-499E-A181-E272449B044D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "39F28D35-48E1-450D-884A-D2578C99E8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.0.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "CD50990D-63DE-412F-B370-0568EA8B32FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "E104024C-15B5-4EFB-A26B-C69D303933CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CAEB1A60-678D-4BAF-9D95-43C9DCFC8D68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AD14A144-2CA9-498E-84B9-87733E33C602", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:-:*:*:*", matchCriteriaId: "B43C161D-E6DE-402A-831E-4F8BB9B75826", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "54DCB9FD-A3FB-4901-A13F-9064921C77C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "21F9B73E-696B-4F6B-A019-83A68179E422", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "C52598F8-1859-4007-ABEE-03A463482F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "62AE87F9-A4B3-4163-9A19-3E606CF72720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3AD2D0EA-694D-4629-A1F7-244C9B154248", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:-:*:*:*", matchCriteriaId: "9A51F12C-42D0-41BC-A9DB-F2934BA1384B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F70BAD0D-1601-4C61-B6B2-1A1DBB48B067", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*", matchCriteriaId: "49A5200E-E144-4C02-BAAB-8EAF734EEC5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*", matchCriteriaId: "47E6B664-D2ED-425F-B27B-3E57278B1C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*", matchCriteriaId: "06104137-B672-4AB8-AEB4-5AEE95D978FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F92B7DB4-7E5C-4961-8BB3-D3DF4A833E79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: 2D). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM para JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 y 21.3.10. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserción o eliminación de algunos datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, así como acceso de lectura no autorizado a un subconjunto de Oracle Java SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 4.8 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2024-21145", lastModified: "2025-03-13T14:15:20.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-16T23:15:15.993", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240719-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.10 | |
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 | |
| oracle | jdk | 11.0.19 | |
| oracle | jdk | 17.0.7 | |
| oracle | jdk | 20.0.1 | |
| oracle | jre | 11.0.19 | |
| oracle | jre | 17.0.7 | |
| oracle | jre | 20.0.1 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2023-22006", lastModified: "2024-11-21T07:44:05.450", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:12.067", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-15 20:15
Modified
2024-10-18 18:30
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.15 | |
| oracle | graalvm | 21.3.11 | |
| oracle | graalvm_for_jdk | 17.0.12 | |
| oracle | graalvm_for_jdk | 21.0.4 | |
| oracle | graalvm_for_jdk | 23 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.24 | |
| oracle | jdk | 17.0.12 | |
| oracle | jdk | 21.0.4 | |
| oracle | jdk | 23 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.24 | |
| oracle | jre | 17.0.12 | |
| oracle | jre | 21.0.4 | |
| oracle | jre | 23 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", matchCriteriaId: "93A899CF-69C5-46A3-BE20-E9F128FB079E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", matchCriteriaId: "44A007AC-88D1-4F18-B1AD-C69600AD643C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "DDDE5C6D-036C-42FC-BD31-366175914F3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4162209C-031A-4AD9-9F19-445236332DA3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", matchCriteriaId: "0DD0AB0E-208D-4856-9F31-3A4BB5213FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:-:*:*:*", matchCriteriaId: "9C681771-C202-4A4A-A357-A18286023C71", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "EBBF3C52-6ACD-45F4-9245-719AC2A96473", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.24:*:*:*:*:*:*:*", matchCriteriaId: "199C19B3-D4FC-4925-A249-9889242B7452", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "B0161CF7-985D-4832-B2DC-90CC1F9CB1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "21DC98DB-A180-4E74-9049-427B60AA574A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*", matchCriteriaId: "9137A4EB-820C-4F05-983A-5534CFB0E019", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:-:*:*:*", matchCriteriaId: "C3128079-D0DB-4708-B3C9-74B6A7CCAB98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "BDA0765B-413B-4FFF-BC00-94C84FE4BFBD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.24:*:*:*:*:*:*:*", matchCriteriaId: "0FE84109-8702-41A7-B18A-C399737EBF27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.12:*:*:*:*:*:*:*", matchCriteriaId: "9EB0A022-55BA-4968-A7CE-619BF1389981", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.4:*:*:*:*:*:*:*", matchCriteriaId: "29F12FD7-FB8A-4420-83D2-6C94A787A841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*", matchCriteriaId: "5792796D-D244-4382-8DE2-30359F5CD9CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, difícil de explotar, permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition, así como acceso no autorizado a lecturas de un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java en entornos aislados, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuación base de CVSS 3.1: 4,8 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], id: "CVE-2024-21235", lastModified: "2024-10-18T18:30:26.097", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-10-15T20:15:12.643", references: [ { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20230725-0006/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.debian.org/security/2023/dsa-5458 | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230725-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5458 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2023-22044", lastModified: "2024-11-21T07:44:09.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:14.190", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.10 | |
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.19 | |
| oracle | jdk | 17.0.7 | |
| oracle | jdk | 20.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.19 | |
| oracle | jre | 17.0.7 | |
| oracle | jre | 20.0.1 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:-:*:*:*", matchCriteriaId: "5D736709-DA37-4A09-B0E9-ABE12512DD6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:-:*:*:*", matchCriteriaId: "12264955-3C82-413F-B814-C5538470DE13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2023-22045", lastModified: "2024-11-21T07:44:10.113", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:14.267", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230725-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2024-11-21 08:53
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.12 | |
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | graalvm_for_jdk | 21.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.21 | |
| oracle | jdk | 17.0.9 | |
| oracle | jdk | 21.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.21 | |
| oracle | jre | 17.0.9 | |
| oracle | jre | 21.0.1 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*", matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*", matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*", matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*", matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Scripting). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 5.9 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], id: "CVE-2024-20926", lastModified: "2024-11-21T08:53:26.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-01-16T22:15:40.207", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240201-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2024-11-21 08:53
Severity ?
Summary
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.12 | |
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | graalvm_for_jdk | 21.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*", matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Vulnerabilidad en Oracle GraalVM para JDK, producto Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Puntaje base 3.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2024-20955", lastModified: "2024-11-21T08:53:30.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2024-01-16T22:15:42.647", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2024.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.6 | |
| oracle | graalvm | 22.3.2 | |
| oracle | graalvm_for_jdk | 17.0.7 | |
| oracle | graalvm_for_jdk | 20.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*", matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2023-22051", lastModified: "2024-11-21T07:44:10.883", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2023-07-18T21:15:14.767", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2023.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }