CVE-2024-21140

Опубликовано: 16 июл. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., throu

Ссылки

https://security.netapp.com/advisory/ntap-20240719-0008/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240719-0008/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:-:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:-:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00123

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

CVE-2024-21140

CVSS3: 4.8

ubuntu

11 месяцев назад

CVE-2024-21140

CVSS3: 4.8

redhat

11 месяцев назад

CVE-2024-21140

CVSS3: 4.8

debian

11 месяцев назад

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...

GHSA-7prq-r42m-wfcx

CVSS3: 4.8

github

11 месяцев назад

BDU:2024-06283

CVSS3: 4.8

fstec

11 месяцев назад

Уязвимость компонента Hotspot виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных

EPSS

Процентиль: 33%

0.00123

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-200