CVE-2024-20932 — Improper Access Control in Corporation Java SE JDK AND JRE

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation9 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 61.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Oracle Graalvm Oracle Graalvm FOR JDK +2 more

Timeline

PublishedJan 16

Latest updateJul 16

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successf…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jre4 versions+3

▶NVDoracle/graalvm21.3.8, 22.3.4, 17.0.9+2

▶NVDoracle/jdk17.0.9

▶NVDoracle/jre17.0.9

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-ccwc-jrj7-h4v6: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2024-01-17

▶

CVEList

CVE-2024-20932: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2024-01-16

▶

OSV

CVE-2024-20932: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2024-01-16

▶

📋Vendor Advisories

Atlassian

CVE-2023-22025 CVE-2023-22081 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20932 CVE-2024-20945↗2024-07-16

▶

Ubuntu

OpenJDK 17 vulnerabilities↗2024-02-27

▶

Red Hat

OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)↗2024-01-16

▶

Oracle

Oracle Oracle Java SE Risk Matrix: Security — CVE-2024-20932↗2024-01-15

▶

Debian

CVE-2024-20932: openjdk-17 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente...↗2024

▶