CVE-2024-21208

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 15, 2024

Summary

CVE-2024-21208 is a vulnerability affecting Oracle Java SE and Oracle GraalVM products: Java SE versions 8u421, 11.0.24, 17.0.12, 21.0.4, and 23; GraalVM versions 17.0.12, 21.0.4, and 23; and GraalVM Enterprise Edition versions 20.3.15 and 21.3.11. It allows an unauthenticated attacker with network access via various protocols to potentially cause a partial denial of service (DoS) in the affected products. It is particularly concerning for deployments that run untrusted code, such as sandboxed applications or applets loaded from the internet. Exploitation is complex but feasible under certain conditions. To remediate the issue, users are advised to apply the latest security patches provided by Oracle, as detailed in its security alerts. The overall severity of this vulnerability is rated low; however, organizations should remain vigilant because of its potential availability impact on services that rely on these Java components.
