CVE-2024-20952

EPSS 0.32%
Veröffentlicht 16.01.2024 22:15:42
Zuletzt bearbeitet 26.03.2025 15:03:47
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Openjdk Version >= 11 < 11.0.24

Oracle ≫ Openjdk Version >= 17 < 17.0.10

Oracle ≫ Openjdk Version >= 21 < 21.0.2

Oracle ≫ Openjdk Version8 Update-

Oracle ≫ Openjdk Version8 Updatemilestone1

Oracle ≫ Openjdk Version8 Updatemilestone2

Oracle ≫ Openjdk Version8 Updatemilestone3

Oracle ≫ Openjdk Version8 Updatemilestone4

Oracle ≫ Openjdk Version8 Updatemilestone5

Oracle ≫ Openjdk Version8 Updatemilestone6

Oracle ≫ Openjdk Version8 Updatemilestone7

Oracle ≫ Openjdk Version8 Updatemilestone8

Oracle ≫ Openjdk Version8 Updatemilestone9

Oracle ≫ Openjdk Version8 Updateupdate101

Oracle ≫ Openjdk Version8 Updateupdate102

Oracle ≫ Openjdk Version8 Updateupdate11

Oracle ≫ Openjdk Version8 Updateupdate111

Oracle ≫ Openjdk Version8 Updateupdate112

Oracle ≫ Openjdk Version8 Updateupdate121

Oracle ≫ Openjdk Version8 Updateupdate131

Oracle ≫ Openjdk Version8 Updateupdate141

Oracle ≫ Openjdk Version8 Updateupdate151

Oracle ≫ Openjdk Version8 Updateupdate152

Oracle ≫ Openjdk Version8 Updateupdate161

Oracle ≫ Openjdk Version8 Updateupdate162

Oracle ≫ Openjdk Version8 Updateupdate171

Oracle ≫ Openjdk Version8 Updateupdate172

Oracle ≫ Openjdk Version8 Updateupdate181

Oracle ≫ Openjdk Version8 Updateupdate191

Oracle ≫ Openjdk Version8 Updateupdate192

Oracle ≫ Openjdk Version8 Updateupdate20

Oracle ≫ Openjdk Version8 Updateupdate201

Oracle ≫ Openjdk Version8 Updateupdate202

Oracle ≫ Openjdk Version8 Updateupdate211

Oracle ≫ Openjdk Version8 Updateupdate212

Oracle ≫ Openjdk Version8 Updateupdate221

Oracle ≫ Openjdk Version8 Updateupdate222

Oracle ≫ Openjdk Version8 Updateupdate231

Oracle ≫ Openjdk Version8 Updateupdate232

Oracle ≫ Openjdk Version8 Updateupdate241

Oracle ≫ Openjdk Version8 Updateupdate242

Oracle ≫ Openjdk Version8 Updateupdate25

Oracle ≫ Openjdk Version8 Updateupdate252

Oracle ≫ Openjdk Version8 Updateupdate262

Oracle ≫ Openjdk Version8 Updateupdate271

Oracle ≫ Openjdk Version8 Updateupdate281

Oracle ≫ Openjdk Version8 Updateupdate282

Oracle ≫ Openjdk Version8 Updateupdate291

Oracle ≫ Openjdk Version8 Updateupdate301

Oracle ≫ Openjdk Version8 Updateupdate302

Oracle ≫ Openjdk Version8 Updateupdate31

Oracle ≫ Openjdk Version8 Updateupdate312

Oracle ≫ Openjdk Version8 Updateupdate322

Oracle ≫ Openjdk Version8 Updateupdate332

Oracle ≫ Openjdk Version8 Updateupdate342

Oracle ≫ Openjdk Version8 Updateupdate352

Oracle ≫ Openjdk Version8 Updateupdate362

Oracle ≫ Openjdk Version8 Updateupdate372

Oracle ≫ Openjdk Version8 Updateupdate382

Oracle ≫ Openjdk Version8 Updateupdate392

Oracle ≫ Openjdk Version8 Updateupdate40

Oracle ≫ Openjdk Version8 Updateupdate402-b00

Oracle ≫ Openjdk Version8 Updateupdate402-b01

Oracle ≫ Openjdk Version8 Updateupdate402-b02

Oracle ≫ Openjdk Version8 Updateupdate402-b03

Oracle ≫ Openjdk Version8 Updateupdate402-b04

Oracle ≫ Openjdk Version8 Updateupdate402-b05

Oracle ≫ Openjdk Version8 Updateupdate45

Oracle ≫ Openjdk Version8 Updateupdate5

Oracle ≫ Openjdk Version8 Updateupdate51

Oracle ≫ Openjdk Version8 Updateupdate60

Oracle ≫ Openjdk Version8 Updateupdate65

Oracle ≫ Openjdk Version8 Updateupdate66

Oracle ≫ Openjdk Version8 Updateupdate71

Oracle ≫ Openjdk Version8 Updateupdate72

Oracle ≫ Openjdk Version8 Updateupdate73

Oracle ≫ Openjdk Version8 Updateupdate74

Oracle ≫ Openjdk Version8 Updateupdate77

Oracle ≫ Openjdk Version8 Updateupdate91

Oracle ≫ Openjdk Version8 Updateupdate92

Oracle ≫ Graalvm Version20.3.12 SwEditionenterprise

Oracle ≫ Graalvm Version21.3.8 SwEditionenterprise

Oracle ≫ Graalvm Version22.3.4 SwEditionenterprise

Oracle ≫ Graalvm For Jdk Version17.0.9

Oracle ≫ Graalvm For Jdk Version21.0.1

Oracle ≫ Jdk Version1.8.0 Updateupdate391 SwEdition-

Oracle ≫ Jdk Version1.8.0 Updateupdate391 SwEditionenterprise_performance_pack

Oracle ≫ Jdk Version11.0.21

Oracle ≫ Jdk Version17.0.9

Oracle ≫ Jdk Version21.0.1

Oracle ≫ Jre Version1.8.0 Updateupdate391 SwEdition-

Oracle ≫ Jre Version1.8.0 Updateupdate391 SwEditionenterprise_performance_pack

Oracle ≫ Jre Version11.0.21

Oracle ≫ Jre Version17.0.9

Oracle ≫ Jre Version21.0.1

Netapp ≫ Cloud Insights Acquisition Unit Version-

Netapp ≫ Cloud Insights Storage Workload Security Agent Version-

Netapp ≫ Oncommand Insight Version-

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.55

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert_us@oracle.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.oracle.com/security-alerts/cpujan2024.html

Patch

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240201-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20952

EUVD