Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-20954

Опубликовано: 16 апр. 2024
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

A vulnerability was found in GraalVM and Mandrel (Community Edition). Successful attacks of this vulnerability can result in unauthorized read access.

Меры по смягчению последствий

No current mitigation is available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of Quarkusorg.graalvm.sdk/graal-sdkNot affected
Red Hat build of Quarkus 3.2 on RHEL 8quarkus-mandrel-javaFixedRHSA-2024:408125.06.2024
Red Hat build of Quarkus 3.8 on RHEL 8quarkus-mandrel-javaFixedRHSA-2024:407925.06.2024
RHINT Camel-K 1.10.9FixedRHSA-2025:115406.02.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=2278636graalvm: Unauthorized Read Access

EPSS

Процентиль: 45%
0.00223
Низкий

3.7 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-20954

CVSS3: 3.7
nvd
около 1 года назад

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

github логотип

GHSA-3q44-44h8-2hgc

CVSS3: 3.7
github
около 1 года назад

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

fstec логотип

BDU:2024-04069

CVSS3: 3.7
fstec
около 1 года назад

Уязвимость компонента Compiler виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, позволяющая нарушителю раскрыть защищаемую информацию

redos логотип

ROS-20241015-17

CVSS3: 3.7
redos
8 месяцев назад

Множественные уязвимости java-17-openjdk

redos логотип

ROS-20241015-16

CVSS3: 3.7
redos
8 месяцев назад

Множественные уязвимости java-21-openjdk

EPSS

Процентиль: 45%
0.00223
Низкий

3.7 Low

CVSS3