CVE-2024-20925 — Corporation Java SE JDK AND JRE vulnerability

7 documents6 sources

Severity

3.1LOWNVD

EPSS

0.2%

top 55.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Oracle Graalvm Oracle JDK +1 more

Timeline

PublishedFeb 17

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Succ…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jreOracle GraalVM Enterprise Edition:20.3.12, Oracle GraalVM Enterprise Edition:21.3.8, Oracle Java SE:8u391+2

▶NVDoracle/graalvm20.3.12, 21.3.8+1

▶NVDoracle/jdk1.8.0

▶NVDoracle/jre1.8.0

🔴Vulnerability Details

OSV

CVE-2024-20925: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)↗2024-02-17

▶

OSV

Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project↗2024-02-17

▶

CVEList

CVE-2024-20925: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)↗2024-02-17

▶

GHSA

Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project↗2024-02-17

▶

📋Vendor Advisories

Oracle

Oracle Oracle Java SE Risk Matrix: JavaFX — CVE-2024-20925↗2024-01-15

▶

Debian

CVE-2024-20925: openjfx - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2024

▶