CVE-2024-21147 — Sensitive Information Exposure in Corporation Java SE JDK AND JRE

CWE-200 — Sensitive Information Exposure14 documents8 sources

Severity

7.4HIGHNVD

EPSS

0.7%

top 27.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Oracle Graalvm Oracle Graalvm FOR JDK +2 more

Timeline

PublishedJul 16

Latest updateNov 11

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Or…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages4 packages

▶NVDoracle/graalvm5 versions+4

▶CVEListV5oracle_corporation/java_se_jdk_and_jre11 versions+10

▶NVDoracle/jdk5 versions+4

▶NVDoracle/jre5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hw83-24q6-v392: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)↗2024-07-17

▶

CVEList

CVE-2024-21147: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)↗2024-07-16

▶

OSV

CVE-2024-21147: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)↗2024-07-16

▶

📋Vendor Advisories

Ubuntu

OpenJDK 11 vulnerabilities↗2024-11-11

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2024-11-11

▶

Ubuntu

OpenJDK 17 vulnerabilities↗2024-11-11

▶

Ubuntu

OpenJDK 11 vulnerabilities↗2024-07-31

▶

Ubuntu

OpenJDK 17 vulnerabilities↗2024-07-31

▶