Описание
Уязвимость компонента 2D виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ на чтение, изменение или удаление данных
Вендор
Red Hat Inc.
Novell Inc.
NetApp Inc.
Canonical Ltd.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
Oracle Corp.
Axiom JDK
АО "НППКТ"
Наименование ПО
Red Hat Enterprise Linux
OpenSUSE Leap
Suse Linux Enterprise Server
SUSE Linux Enterprise Server for SAP Applications
OnCommand Workflow Automation
Oncommand Insight
openSUSE Tumbleweed
Ubuntu
Debian GNU/Linux
РЕД ОС
SUSE Linux Enterprise High Performance Computing
SUSE Manager Retail Branch Server
SUSE Manager Proxy
SUSE Manager Server
SUSE Enterprise Storage
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Module for Basesystem
SUSE Linux Enterprise Module for Legacy Software
SUSE Linux Enterprise Module for Package Hub
Cloud Insights Storage Workload Security Agent
SUSE Liberty Linux
GraalVM Enterprise Edition
Oracle GraalVM for JDK
Java SE
Red Hat build of OpenJDK
NetApp BlueXP
Axiom AxiomJDK
ОСОН ОСнова Оnyx
Версия ПО
7 (Red Hat Enterprise Linux)
15.5 (OpenSUSE Leap)
8 (Red Hat Enterprise Linux)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
- (OnCommand Workflow Automation)
- (Oncommand Insight)
- (openSUSE Tumbleweed)
20.04 LTS (Ubuntu)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
22.04 LTS (Ubuntu)
9 (Red Hat Enterprise Linux)
15 SP2-LTSS (Suse Linux Enterprise Server)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
7.1 (SUSE Enterprise Storage)
8.2 Advanced Update Support (Red Hat Enterprise Linux)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
15 SP5 (SUSE Linux Enterprise Module for Legacy Software)
18.04 ESM (Ubuntu)
8.4 Telecommunications Update Service (Red Hat Enterprise Linux)
8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux)
15 SP5 (SUSE Linux Enterprise Module for Package Hub)
- (Cloud Insights Storage Workload Security Agent)
9 (SUSE Liberty Linux)
8.8 Extended Update Support (Red Hat Enterprise Linux)
9.2 Extended Update Support (Red Hat Enterprise Linux)
8 (SUSE Liberty Linux)
15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (Suse Linux Enterprise Server)
15 SP6 (Suse Linux Enterprise Desktop)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
15 SP6 (SUSE Linux Enterprise High Performance Computing)
15 SP6 (SUSE Linux Enterprise Module for Basesystem)
15 SP6 (SUSE Linux Enterprise Module for Package Hub)
24.04 LTS (Ubuntu)
15.6 (OpenSUSE Leap)
9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux)
8.6 Telecommunications Update Service (Red Hat Enterprise Linux)
8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux)
20.3.14 (GraalVM Enterprise Edition)
21.3.10 (GraalVM Enterprise Edition)
17.0.11 (Oracle GraalVM for JDK)
21.0.3 (Oracle GraalVM for JDK)
22.0.1 (Oracle GraalVM for JDK)
8u411 (Java SE)
8u411-perf (Java SE)
11.0.23 (Java SE)
17.0.11 (Java SE)
21.0.3 (Java SE)
22.0.1 (Java SE)
11.0.24 (Red Hat build of OpenJDK)
17.0.12 (Red Hat build of OpenJDK)
21.0.4 (Red Hat build of OpenJDK)
8u422 (Red Hat build of OpenJDK)
7 Extended Lifecycle Support (Red Hat Enterprise Linux)
15 SP6 (SUSE Linux Enterprise Module for Legacy Software)
- (NetApp BlueXP)
до 8u422 (Axiom AxiomJDK)
до 11.0.24 (Axiom AxiomJDK)
до 17.0.12 (Axiom AxiomJDK)
до 21.0.4 (Axiom AxiomJDK)
до 2.13 (ОСОН ОСнова Оnyx)
Тип ПО
Операционная система
Прикладное ПО информационных систем
Сетевое средство
Операционные системы и аппаратные платформы
Red Hat Inc. Red Hat Enterprise Linux 7
Сообщество свободного программного обеспечения Linux -
Novell Inc. OpenSUSE Leap 15.5
Microsoft Corp. Windows -
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. openSUSE Tumbleweed -
Canonical Ltd. Ubuntu 20.04 LTS
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Canonical Ltd. Ubuntu 22.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Canonical Ltd. Ubuntu 18.04 ESM
Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Novell Inc. SUSE Liberty Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support
Novell Inc. SUSE Liberty Linux 8
Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS
Novell Inc. Suse Linux Enterprise Desktop 15 SP6
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6
Canonical Ltd. Ubuntu 24.04 LTS
Novell Inc. OpenSUSE Leap 15.6
Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Inc. Red Hat Enterprise Linux 7 Extended Lifecycle Support
АО "НППКТ" ОСОН ОСнова Оnyx до 2.13
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 4,8)
Возможные меры по устранению уязвимости
Использование рекомендаций:
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujul2024.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-21145
Для программных продуктов NetApp Inc.:
https://security.netapp.com/advisory/ntap-20240719-0008/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-21145
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-21145.html
Для Ubuntu:
https://ubuntu.com/security/notices/USN-6932-1
https://ubuntu.com/security/notices/USN-6931-1
https://ubuntu.com/security/notices/USN-6930-1
https://ubuntu.com/security/notices/USN-6929-1
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для AxiomJDK:
https://axiomjdk.ru/pages/downloads/
Обновление программного обеспечения openjdk-11 до версии 11.0.27+6.repack-1~deb11u1.osnova2u1
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 33%
0.00127
Низкий
4.8 Medium
CVSS3
4 Medium
CVSS2
Связанные уязвимости
CVSS3: 4.8
ubuntu
11 месяцев назад
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through...
EPSS
Процентиль: 33%
0.00127
Низкий
4.8 Medium
CVSS3
4 Medium
CVSS2