Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-21004
HistoryApr 16, 2024 - 12:00 a.m.

CVE-2024-21004

2024-04-1600:00:00
ubuntu.com
ubuntu.com
5
oracle java se
oracle graalvm
vulnerability
unauthorized access
java sandbox
integrity impacts
cvss 3.1

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

3.1 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
product of Oracle Java SE (component: JavaFX). Supported versions that are
affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition:
20.3.13 and 21.3.9. Difficult to exploit vulnerability allows
unauthenticated attacker with logon to the infrastructure where Oracle Java
SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java
SE, Oracle GraalVM Enterprise Edition. Successful attacks require human
interaction from a person other than the attacker. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition
accessible data. Note: This vulnerability applies to Java deployments,
typically in clients running sandboxed Java Web Start applications or
sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability does not apply to Java deployments, typically in servers,
that load and run only trusted code (e.g., code installed by an
administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Notes

Author Note
mdeslaur only affects JavaFX

Related

cvelist 1
nvd 1
wolfi 1
debiancve 1
cve 1
f5 1
openvas 2
nessus 5
amazon 1
kaspersky 1
oracle 1
cvelist
cvelist
CVE-2024-21004
2024-04-16 21:25:59
nvd
nvd
CVE-2024-21004
2024-04-16 22:15:14
wolfi
wolfi
CVE-2024-21004 vulnerabilities
2024-06-29 09:08:33
debiancve
debiancve
CVE-2024-21004
2024-04-16 22:15:14
cve
cve
CVE-2024-21004
2024-04-16 22:15:14
f5
f5
K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004
2024-04-27 00:00:00
openvas
openvas
Oracle Java SE Security Update (Apr 2024) -02 - Windows
2024-04-18 00:00:00
Oracle Java SE Security Update (Apr 2024) -02 - Linux
2024-04-18 00:00:00
nessus
nessus
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2024-2540)
2024-05-15 00:00:00
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-011)
2024-04-30 00:00:00
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-602)
2024-04-29 00:00:00
amazon
amazon
Low: java-1.8.0-openjdk
2024-05-09 19:16:00
kaspersky
kaspersky
KLA65636 Multiple vulnerabilities in Oracle Java SE and GraalVM
2024-04-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

3.1 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for UB:CVE-2024-21004
cvelist1nvd1wolfi1debiancve1cve1f51openvas2nessus5amazon1kaspersky1oracle1