CVE-2024-21004

CWE-276Incorrect Default Permissions6 documents6 sources
Severity
2.5LOW
EPSS
0.0%
top 86.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle Corporation Java SE JDK AND JREOracle GraalvmOracle JDK+1 more
Timeline
PublishedApr 16
Latest updateApr 17

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages4 packages

CVEListV5oracle_corporation/java_se_jdk_and_jreOracle GraalVM Enterprise Edition:20.3.13, Oracle GraalVM Enterprise Edition:21.3.9, Oracle Java SE:8u401+2
NVDoracle/graalvm20.3.13, 21.3.9+1
NVDoracle/jdk1.8.0
NVDoracle/jre1.8.0

🔴Vulnerability Details

3
GHSA
GHSA-r5cc-f7pr-5v73: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)2024-04-17
OSV
CVE-2024-21004: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)2024-04-16
CVEList
CVE-2024-21004: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX)2024-04-16

📋Vendor Advisories

2
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX — CVE-2024-210042024-04-15
Debian
CVE-2024-21004: openjfx - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...2024
CVE-2024-21004 (LOW CVSS 2.5) | Vulnerability in the Oracle Java SE | cvebase.io