CVE-2024-20952

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typic

Ссылки

https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240201-0002/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2024.html
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240201-0002/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2024.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 11 (включая) до 11.0.24 (исключая)

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 17 (включая) до 17.0.10 (исключая)

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 21 (включая) до 21.0.2 (исключая)

cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update372:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update382:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update392:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b00:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b01:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b02:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b03:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b04:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update402-b05:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00347

Низкий

7.4 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-284

Связанные уязвимости

CVE-2024-20952

CVSS3: 7.4

ubuntu

больше 1 года назад

CVE-2024-20952

CVSS3: 7.4

redhat

больше 1 года назад

CVE-2024-20952

CVSS3: 7.4

debian

больше 1 года назад

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...

GHSA-343v-9ccv-7535

CVSS3: 7.4

github

больше 1 года назад

BDU:2024-01064

CVSS3: 7.4

fstec

больше 1 года назад

Уязвимость компонента Security программной платформы Oracle Java SE, виртуальных машин Oracle GraalVM for JDK и Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

EPSS

Процентиль: 57%

0.00347

Низкий

7.4 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-284