CVE-2024-21003

CWE-2506 documents6 sources

Severity

3.1LOW

EPSS

0.2%

top 57.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Oracle Graalvm Oracle JDK +1 more

Timeline

PublishedApr 16

Latest updateApr 17

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Succ…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jreOracle GraalVM Enterprise Edition:20.3.13, Oracle GraalVM Enterprise Edition:21.3.9, Oracle Java SE:8u401+2

▶NVDoracle/graalvm20.3.13, 21.3.9+1

▶NVDoracle/jdk1.8.0

▶NVDoracle/jre1.8.0

🔴Vulnerability Details

GHSA

GHSA-wg7v-w4x5-xvmx: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)↗2024-04-17

▶

OSV

CVE-2024-21003: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)↗2024-04-16

▶

CVEList

CVE-2024-21003: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)↗2024-04-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Java SE Risk Matrix: JavaFX — CVE-2024-21003↗2024-04-15

▶

Debian

CVE-2024-21003: openjfx - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2024

▶