CVE-2024-20923: Protection Mechanism Failure in Oracle Corporation Java SE JDK and JRE

Severity: 3.1 LOW (NVD)
EPSS: 0.4% (top 42.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 17

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Succ

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.6 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | oracle_corporation/java_se_jdk_and_jre | Oracle GraalVM Enterprise Edition:20.3.12, Oracle GraalVM Enterprise Edition:21.3.8, Oracle Java SE:8u391 +2
NVD | oracle/graalvm | 20.3.12, 21.3.8 +1
NVD | oracle/jdk | 1.8.0
NVD | oracle/jre | 1.8.0

🔴 Vulnerability Details (3)

CVEList
CVE-2024-20923: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX) (2024-02-17)
GHSA
GHSA-8p58-rq38-6972: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX) (2024-02-17)
OSV
CVE-2024-20923: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX) (2024-02-17)

📋 Vendor Advisories (2)

Oracle
Oracle Java SE Risk Matrix: JavaFX — CVE-2024-20923 (2024-01-15)
Debian
CVE-2024-20923: openjfx - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o... (2024)