CVE-2024-21147

Опубликовано: 16 июл. 2024

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by usin

Ссылки

https://security.netapp.com/advisory/ntap-20240719-0008/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240719-0008/
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:-:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:-:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*

cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:17.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:22.0.1:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00307

Низкий

7.4 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

CVE-2024-21147

CVSS3: 7.4

ubuntu

11 месяцев назад

CVE-2024-21147

CVSS3: 7.4

redhat

11 месяцев назад

CVE-2024-21147

CVSS3: 7.4

debian

11 месяцев назад

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...

GHSA-hw83-24q6-v392

CVSS3: 7.4

github

11 месяцев назад

BDU:2024-06582

CVSS3: 7.4

fstec

11 месяцев назад

Уязвимость компонента Hotspot виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ на чтение или изменение данных

EPSS

Процентиль: 53%

0.00307

Низкий

7.4 High

CVSS3

Дефекты

CWE-200