System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20954.json
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2024-20954
cvssv3.1	3.7	https://www.oracle.com/security-alerts/cpuapr2024.html
ssvc	Track	https://www.oracle.com/security-alerts/cpuapr2024.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20954.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-20954
2278636		https://bugzilla.redhat.com/show_bug.cgi?id=2278636
cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
cpuapr2024.html		https://www.oracle.com/security-alerts/cpuapr2024.html
RHSA-2024:4079		https://access.redhat.com/errata/RHSA-2024:4079
RHSA-2024:4081		https://access.redhat.com/errata/RHSA-2024:4081
RHSA-2025:1154		https://access.redhat.com/errata/RHSA-2025:1154

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20954.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.oracle.com/security-alerts/cpuapr2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-30T16:00:30Z/ Found at https://www.oracle.com/security-alerts/cpuapr2024.html

---

Percentile	0.57426
EPSS Score	0.00349
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:48:22.988411+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20954.json	38.0.0