Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-21211
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2024-10-31 12:58
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Oracle Corporation | GraalVM |
Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:26:03.882463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T12:58:57.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-18T13:07:36.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
],
"product": "GraalVM",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:23"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.12"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.4"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.15"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
],
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:23"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.12"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.4"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.15"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:41.883Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21211",
"datePublished": "2024-10-15T19:52:41.883Z",
"dateReserved": "2023-12-07T22:28:10.690Z",
"dateUpdated": "2024-10-31T12:58:57.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21211\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-10-15T20:15:10.050\",\"lastModified\":\"2024-11-21T08:53:58.940\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compiler). Las versiones compatibles afectadas son Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuaci\u00f3n base CVSS 3.1 3.7 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2024.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0008/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-18T13:07:36.569Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21211\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-17T13:26:03.882463Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-17T13:26:09.568Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\", \"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"GraalVM\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.15\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.11\"}]}, {\"cpes\": [\"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\", \"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Java SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.15\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.11\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-10-15T19:52:41.883Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21211\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-31T12:58:57.038Z\", \"dateReserved\": \"2023-12-07T22:28:10.690Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-10-15T19:52:41.883Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
gsd-2024-21211
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2024-21211",
"id": "GSD-2024-21211"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21211"
],
"id": "GSD-2024-21211",
"modified": "2023-12-13T01:21:42.764145Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-21211",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
fkie_cve-2024-21211
Vulnerability from fkie_nvd
Published
2024-10-15 20:15
Modified
2024-11-21 08:53
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compiler). Las versiones compatibles afectadas son Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuaci\u00f3n base CVSS 3.1 3.7 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2024-21211",
"lastModified": "2024-11-21T08:53:58.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2024-10-15T20:15:10.050",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
ncsc-2024-0419
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:20
Modified
2024-10-17 13:20
Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-195
Signed to Unsigned Conversion Error
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-416
Use After Free
CWE-122
Heap-based Buffer Overflow
CWE-789
Memory Allocation with Excessive Size Value
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Java",
"tracking": {
"current_release_date": "2024-10-17T13:20:07.759085Z",
"id": "NCSC-2024-0419",
"initial_release_date": "2024-10-17T13:20:07.759085Z",
"revision_history": [
{
"date": "2024-10-17T13:20:07.759085Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673122",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673123",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673124",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle_corporation"
},
{
"branches": [
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1457455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672742",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-550274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912051",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912050",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673303",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503307",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912048",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912047",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503308",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1672741",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503647",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503648",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912605",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674674",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674673",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674675",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674672",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674676",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674678",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674677",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674679",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-220891",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1672741"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-42950",
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42950",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21208",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21210",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"product_status": {
"known_affected": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21217",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"cwe": {
"id": "CWE-195",
"name": "Signed to Unsigned Conversion Error"
},
"notes": [
{
"category": "other",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21235",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673300",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"title": "CVE-2024-36138"
}
]
}
ncsc-2025-0020
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-391
Unchecked Error Condition
CWE-115
Misinterpretation of Input
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-1287
Improper Validation of Specified Type of Input
CWE-922
Insecure Storage of Sensitive Information
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-1220
Insufficient Granularity of Access Control
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-354
Improper Validation of Integrity Check Value
CWE-190
Integer Overflow or Wraparound
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2025-01-22T13:30:16.354373Z",
"id": "NCSC-2025-0020",
"initial_release_date": "2025-01-22T13:30:16.354373Z",
"revision_history": [
{
"date": "2025-01-22T13:30:16.354373Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graal_development_kit_for_micronaut",
"product": {
"name": "graal_development_kit_for_micronaut",
"product_id": "CSAFPID-1751216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_migration_assistant_for_unicode",
"product": {
"name": "database_migration_assistant_for_unicode",
"product_id": "CSAFPID-1751212",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751223",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751224",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1503575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-342816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-816845",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-485902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751203",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-711746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-667692",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-345049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-611417",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-1673422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-45772",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45772",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json"
}
],
"title": "CVE-2024-45772"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-52316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-54677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-21553",
"references": [
{
"category": "self",
"summary": "CVE-2025-21553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json"
}
],
"title": "CVE-2025-21553"
},
{
"cve": "CVE-2025-21557",
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21557",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2025-21557"
},
{
"cve": "CVE-2022-26345",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-26345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
}
],
"title": "CVE-2022-26345"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27043",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-36730",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36730"
},
{
"cve": "CVE-2023-36785",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36785"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6923",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-8088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-8927",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8927",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-8927"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-21211",
"cwe": {
"id": "CWE-922",
"name": "Insecure Storage of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24789",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24790",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json"
}
],
"title": "CVE-2024-24790"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
}
],
"title": "CVE-2024-24791"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33599",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33600",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38820"
}
]
}
NCSC-2024-0419
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:20
Modified
2024-10-17 13:20
Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-195
Signed to Unsigned Conversion Error
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-416
Use After Free
CWE-122
Heap-based Buffer Overflow
CWE-789
Memory Allocation with Excessive Size Value
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Java",
"tracking": {
"current_release_date": "2024-10-17T13:20:07.759085Z",
"id": "NCSC-2024-0419",
"initial_release_date": "2024-10-17T13:20:07.759085Z",
"revision_history": [
{
"date": "2024-10-17T13:20:07.759085Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673122",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673123",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673124",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle_corporation"
},
{
"branches": [
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1457455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672742",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-550274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912051",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912050",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673303",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503307",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912048",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912047",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503308",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1672741",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503647",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503648",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912605",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674674",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674673",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674675",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674672",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674676",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674678",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674677",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674679",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-220891",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1672741"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-42950",
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42950",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21208",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21210",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"product_status": {
"known_affected": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21217",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"cwe": {
"id": "CWE-195",
"name": "Signed to Unsigned Conversion Error"
},
"notes": [
{
"category": "other",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21235",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673300",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"title": "CVE-2024-36138"
}
]
}
WID-SEC-W-2024-3189
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2025-01-13 23:00
Summary
Oracle Java SE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3189 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3189.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3189 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3189"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Java SE vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Azul Zulu builds of OpenJDK vom 2024-10-15",
"url": "https://docs.azul.com/core/pdfs/october-2024/azul-zulu-ca-release-notes-october-2024-rev1.0.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8120 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8120"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8121 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8121"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8122 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8119 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8119"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8124 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8124"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8118 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8128 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8128"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8129 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8125 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8127 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8127"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8123 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8126 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8126"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8121 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8121.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8116 vom 2024-10-17",
"url": "https://access.redhat.com/errata/RHSA-2024:8116"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8117 vom 2024-10-17",
"url": "https://rhn.redhat.com/errata/RHSA-2024:8117.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8127 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8127.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8117 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8117.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8124 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8124.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3929 vom 2024-10-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3927 vom 2024-10-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5794 vom 2024-10-21",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00208.html"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3802-1 vom 2024-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019718.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14449-1 vom 2024-11-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CYPS4PNCRNNFM3OYJLTXOMYVAPX5WDWV/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14448-1 vom 2024-11-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KDGJD2OULS4GVLFGY4DZH6L7TX3XS7RK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3875-1 vom 2024-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GLU5JTTGFTD7YI4RRECCJZQWTOZHUSNK/"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-147 vom 2024-11-07",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-147/index.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14465-1 vom 2024-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKGLVFB244SXCHDTKBD64C7SBDSC7V7W/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7097-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7097-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7096-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7096-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7099-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7099-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7098-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7098-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YF4VNHR3FWXUMWTELTEOVDEWZ6SVMYHZ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3987-1 vom 2024-11-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019817.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7124-1 vom 2024-11-25",
"url": "https://ubuntu.com/security/notices/USN-7124-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8116 vom 2024-11-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-8116.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8120 vom 2024-11-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-8120.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-477 vom 2024-12-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177827 vom 2024-12-04",
"url": "https://www.ibm.com/support/pages/node/7177827"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4202-1 vom 2024-12-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPEHHO3XQ47QD6IA2ZDPCOMANOINIDBP/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177984 vom 2024-12-05",
"url": "https://www.ibm.com/support/pages/node/7177984"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4252-1 vom 2024-12-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019963.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178094 vom 2024-12-06",
"url": "https://www.ibm.com/support/pages/node/7178094"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-07 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-07"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10926 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10926"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178390 vom 2024-12-10",
"url": "https://www.ibm.com/support/pages/node/7178390"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4306-1 vom 2024-12-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MXBN2J5OLQHHEFQZKWDMPVG3S6TODMOZ/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2720 vom 2024-12-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2720.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180215 vom 2025-01-03",
"url": "https://www.ibm.com/support/pages/node/7180215"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180388 vom 2025-01-13",
"url": "https://www.ibm.com/support/pages/node/7180388"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-13T23:00:00.000+00:00",
"generator": {
"date": "2025-01-14T13:43:43.133+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3189",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-10-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-10-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von openSUSE und SUSE aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-11-10T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-11-24T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-28T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-12-04T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE, IBM und Gentoo aufgenommen"
},
{
"date": "2024-12-10T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat, IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-19T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-01-05T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "24"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Azul Zulu",
"product": {
"name": "Azul Zulu",
"product_id": "T036273",
"product_identification_helper": {
"cpe": "cpe:/a:azul:zulu:-"
}
}
}
],
"category": "vendor",
"name": "Azul"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Runtime Environment \u003c8.0.23",
"product": {
"name": "Dell NetWorker Runtime Environment \u003c8.0.23",
"product_id": "T039544"
}
},
{
"category": "product_version",
"name": "Runtime Environment 8.0.23",
"product": {
"name": "Dell NetWorker Runtime Environment 8.0.23",
"product_id": "T039544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:runtime_environment__8.0.23"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T038839",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T038841",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.2.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.2.0",
"product_id": "T039657"
}
},
{
"category": "product_version",
"name": "13.0.2.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.2.0",
"product_id": "T039657-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.9",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.9",
"product_id": "T039658"
}
},
{
"category": "product_version",
"name": "12.0.12.9",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.9",
"product_id": "T039658-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.9"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM Java",
"product": {
"name": "IBM Java",
"product_id": "10699",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0",
"product_id": "T040001",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0"
}
}
},
{
"category": "product_version",
"name": "6.4.0",
"product": {
"name": "IBM Sterling Connect:Direct 6.4.0",
"product_id": "T040002",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_version",
"name": "liberty",
"product": {
"name": "IBM WebSphere Application Server liberty",
"product_id": "T011504",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5",
"product_id": "306235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
}
}
}
],
"category": "product_name",
"name": "WebSphere Service Registry and Repository"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 17.0.12",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 17.0.12",
"product_id": "T038438",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 21.0.4",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 21.0.4",
"product_id": "T038439",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 23",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 23",
"product_id": "T038440",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 8u421",
"product": {
"name": "Oracle Java SE Oracle Java SE 8u421",
"product_id": "T038441",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_8u421"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition 20.3.15",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15",
"product_id": "T038442",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition 21.3.11",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11",
"product_id": "T038443",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 11.0.24",
"product": {
"name": "Oracle Java SE Oracle Java SE 11.0.24",
"product_id": "T038444",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_11.0.24"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 17.0.12",
"product": {
"name": "Oracle Java SE Oracle Java SE 17.0.12",
"product_id": "T038445",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_17.0.12"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 23",
"product": {
"name": "Oracle Java SE Oracle Java SE 23",
"product_id": "T038447",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_23"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 21.0.4",
"product": {
"name": "Oracle Java SE Oracle Java SE 21.0.4",
"product_id": "T038448",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_21.0.4"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition: 20.3.15",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15",
"product_id": "T038449",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42950",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-36138"
}
]
}
wid-sec-w-2024-3189
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2025-01-13 23:00
Summary
Oracle Java SE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3189 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3189.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3189 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3189"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Java SE vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Azul Zulu builds of OpenJDK vom 2024-10-15",
"url": "https://docs.azul.com/core/pdfs/october-2024/azul-zulu-ca-release-notes-october-2024-rev1.0.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8120 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8120"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8121 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8121"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8122 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8119 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8119"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8124 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8124"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8118 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8118"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8128 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8128"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8129 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8125 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8127 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8127"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8123 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8126 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:8126"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8121 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8121.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8116 vom 2024-10-17",
"url": "https://access.redhat.com/errata/RHSA-2024:8116"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8117 vom 2024-10-17",
"url": "https://rhn.redhat.com/errata/RHSA-2024:8117.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8127 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8127.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8117 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8117.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8124 vom 2024-10-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-8124.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3929 vom 2024-10-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3927 vom 2024-10-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5794 vom 2024-10-21",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00208.html"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3802-1 vom 2024-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019718.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14449-1 vom 2024-11-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CYPS4PNCRNNFM3OYJLTXOMYVAPX5WDWV/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14448-1 vom 2024-11-02",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KDGJD2OULS4GVLFGY4DZH6L7TX3XS7RK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3875-1 vom 2024-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GLU5JTTGFTD7YI4RRECCJZQWTOZHUSNK/"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-147 vom 2024-11-07",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-147/index.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14465-1 vom 2024-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKGLVFB244SXCHDTKBD64C7SBDSC7V7W/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7097-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7097-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7096-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7096-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7099-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7099-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7098-1 vom 2024-11-11",
"url": "https://ubuntu.com/security/notices/USN-7098-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YF4VNHR3FWXUMWTELTEOVDEWZ6SVMYHZ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3987-1 vom 2024-11-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019817.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7124-1 vom 2024-11-25",
"url": "https://ubuntu.com/security/notices/USN-7124-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8116 vom 2024-11-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-8116.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8120 vom 2024-11-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-8120.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-477 vom 2024-12-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177827 vom 2024-12-04",
"url": "https://www.ibm.com/support/pages/node/7177827"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4202-1 vom 2024-12-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPEHHO3XQ47QD6IA2ZDPCOMANOINIDBP/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7177984 vom 2024-12-05",
"url": "https://www.ibm.com/support/pages/node/7177984"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4252-1 vom 2024-12-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019963.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178094 vom 2024-12-06",
"url": "https://www.ibm.com/support/pages/node/7178094"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-07 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-07"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10926 vom 2024-12-10",
"url": "https://access.redhat.com/errata/RHSA-2024:10926"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178390 vom 2024-12-10",
"url": "https://www.ibm.com/support/pages/node/7178390"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4306-1 vom 2024-12-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MXBN2J5OLQHHEFQZKWDMPVG3S6TODMOZ/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2720 vom 2024-12-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2720.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180215 vom 2025-01-03",
"url": "https://www.ibm.com/support/pages/node/7180215"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180388 vom 2025-01-13",
"url": "https://www.ibm.com/support/pages/node/7180388"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-13T23:00:00.000+00:00",
"generator": {
"date": "2025-01-14T13:43:43.133+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3189",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-10-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-10-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von openSUSE und SUSE aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-11-10T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-11-24T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-28T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-12-04T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE, IBM und Gentoo aufgenommen"
},
{
"date": "2024-12-10T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat, IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-19T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-01-05T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "24"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Azul Zulu",
"product": {
"name": "Azul Zulu",
"product_id": "T036273",
"product_identification_helper": {
"cpe": "cpe:/a:azul:zulu:-"
}
}
}
],
"category": "vendor",
"name": "Azul"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Runtime Environment \u003c8.0.23",
"product": {
"name": "Dell NetWorker Runtime Environment \u003c8.0.23",
"product_id": "T039544"
}
},
{
"category": "product_version",
"name": "Runtime Environment 8.0.23",
"product": {
"name": "Dell NetWorker Runtime Environment 8.0.23",
"product_id": "T039544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:runtime_environment__8.0.23"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T038839",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T038841",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.2.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.2.0",
"product_id": "T039657"
}
},
{
"category": "product_version",
"name": "13.0.2.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.2.0",
"product_id": "T039657-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.9",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.9",
"product_id": "T039658"
}
},
{
"category": "product_version",
"name": "12.0.12.9",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.9",
"product_id": "T039658-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.9"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM Java",
"product": {
"name": "IBM Java",
"product_id": "10699",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0",
"product_id": "T040001",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0"
}
}
},
{
"category": "product_version",
"name": "6.4.0",
"product": {
"name": "IBM Sterling Connect:Direct 6.4.0",
"product_id": "T040002",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_version",
"name": "liberty",
"product": {
"name": "IBM WebSphere Application Server liberty",
"product_id": "T011504",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5",
"product_id": "306235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
}
}
}
],
"category": "product_name",
"name": "WebSphere Service Registry and Repository"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 17.0.12",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 17.0.12",
"product_id": "T038438",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 21.0.4",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 21.0.4",
"product_id": "T038439",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM for JDK 23",
"product": {
"name": "Oracle Java SE Oracle GraalVM for JDK 23",
"product_id": "T038440",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 8u421",
"product": {
"name": "Oracle Java SE Oracle Java SE 8u421",
"product_id": "T038441",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_8u421"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition 20.3.15",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15",
"product_id": "T038442",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition 21.3.11",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11",
"product_id": "T038443",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 11.0.24",
"product": {
"name": "Oracle Java SE Oracle Java SE 11.0.24",
"product_id": "T038444",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_11.0.24"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 17.0.12",
"product": {
"name": "Oracle Java SE Oracle Java SE 17.0.12",
"product_id": "T038445",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_17.0.12"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 23",
"product": {
"name": "Oracle Java SE Oracle Java SE 23",
"product_id": "T038447",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_23"
}
}
},
{
"category": "product_version",
"name": "Oracle Java SE 21.0.4",
"product": {
"name": "Oracle Java SE Oracle Java SE 21.0.4",
"product_id": "T038448",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_java_se_21.0.4"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition: 20.3.15",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15",
"product_id": "T038449",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42950",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T011504",
"T038449",
"67646",
"T038445",
"T038841",
"T038447",
"T039658",
"T038448",
"T039657",
"T004914",
"703851",
"T038441",
"703852",
"T038442",
"T038443",
"T038741",
"T038840",
"T038444",
"T038440",
"398363",
"10699",
"T038839",
"T038438",
"T038439",
"T012167",
"T039544",
"T036273",
"2951",
"T002207",
"T000126",
"444803",
"580789",
"T027843",
"T040002",
"T040001",
"306235"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-36138"
}
]
}
ghsa-945q-vj74-93vc
Vulnerability from github
Published
2024-10-15 21:30
Modified
2024-10-15 21:30
Severity ?
Details
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21211"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T20:15:10Z",
"severity": "LOW"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"id": "GHSA-945q-vj74-93vc",
"modified": "2024-10-15T21:30:38Z",
"published": "2024-10-15T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21211"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.