CVE-2024-20921

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Feb 17, 2024
Updated: Feb 20, 2024

Summary

CVE-2024-20921 is a vulnerability affecting multiple versions of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Hotspot component). The issue allows unauthenticated attackers with network access to compromise these products, potentially gaining unauthorized access to critical data or complete system access. Exploitation occurs through APIs in the specified components, particularly in Java deployments that load and run untrusted code. This vulnerability, with a CVSS Base Score of 5.9 (Confidentiality impacts), is considered difficult to exploit but still poses a significant risk. It affects Oracle Java SE versions 8u391, 8u391-perf, 11.0.21, 17.0.9, and 21.0.1; Oracle GraalVM for JDK versions 17.0.9 and 21.0.1; and Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8, and 22.3.4.

Affected Products

  • Oracle Java SE
  • Oracle GraalVM Enterprise Edition

Affected Vendors

  • BonqDAO
  • Oracle Corp