CVE-2024-21211

CWE-9227 documents6 sources
Severity
3.7LOW
EPSS
0.3%
top 47.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Oracle Corporation GraalvmOracle Corporation Oracle Java SEOracle Graalvm+3 more
Timeline
PublishedOct 15
Latest updateJan 15

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edit

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages5 packages

CVEListV5oracle_corporation/oracle_java_se6 versions+5
NVDoracle/graalvm5 versions+4
CVEListV5oracle_corporation/graalvm6 versions+5
NVDoracle/jdk23
NVDoracle/jre23

🔴Vulnerability Details

3
OSV
CVE-2024-21211: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler)2024-10-15
GHSA
GHSA-945q-vj74-93vc: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler)2024-10-15
CVEList
CVE-2024-21211: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler)2024-10-15

📋Vendor Advisories

3
Oracle
Oracle Oracle Database Server Risk Matrix: GraalVM Multilingual Engine — CVE-2024-212112025-01-15
Oracle
Oracle Oracle Java SE Risk Matrix: Compiler — CVE-2024-212112024-10-15
Red Hat
JDK: Compiler unspecified vulnerability (CPU Oct 2024)2024-10-15
CVE-2024-21211 (LOW CVSS 3.7) | Vulnerability in the Oracle Java SE | cvebase.io