VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6889-tn6x-aaaq

Essentials
Severities (93)
References (62)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6889-tn6x-aaaq
Aliases	CVE-2024-20945
Summary	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
Status	Published
Exploitability	0.5
Weighted Severity	4.2
Risk	2.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-532

Insertion of Sensitive Information into Log File

System	Score	Found at
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20945.json
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
epss	0.00136	https://api.first.org/data/v1/epss?cve=CVE-2024-20945
cvssv3.1	4.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	4.7	https://nvd.nist.gov/vuln/detail/CVE-2024-20945
cvssv3.1	3.1	https://www.oracle.com/security-alerts/cpujan2024.html
cvssv3.1	4.7	https://www.oracle.com/security-alerts/cpujan2024.html
cvssv3.1	5.1	https://www.oracle.com/security-alerts/cpujan2024.html
generic_textual	LOW	https://www.oracle.com/security-alerts/cpujan2024.html
ssvc	Track	https://www.oracle.com/security-alerts/cpujan2024.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20945.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-20945
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.oracle.com/security-alerts/cpujan2024.html
2257874		https://bugzilla.redhat.com/show_bug.cgi?id=2257874
cpe:2.3:a:oracle:graalvm:20.3.12::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.12::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.3.8::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.8::::enterprise:::
cpe:2.3:a:oracle:graalvm:22.3.4::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:22.3.4::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*
cpe:2.3:a:oracle:jdk:11.0.21:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.21:::::::*
cpe:2.3:a:oracle:jdk:17.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:17.0.9:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update391:::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update391:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update391:::enterprise_performance_pack:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update391:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:21.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:21.0.1:::::::*
cpe:2.3:a:oracle:jre:11.0.21:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.21:::::::*
cpe:2.3:a:oracle:jre:17.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:17.0.9:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update391:::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update391:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update391:::enterprise_performance_pack:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update391:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:21.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:21.0.1:::::::*
CVE-2024-20945		https://nvd.nist.gov/vuln/detail/CVE-2024-20945
GLSA-202412-07		https://security.gentoo.org/glsa/202412-07
RHSA-2024:0222		https://access.redhat.com/errata/RHSA-2024:0222
RHSA-2024:0223		https://access.redhat.com/errata/RHSA-2024:0223
RHSA-2024:0224		https://access.redhat.com/errata/RHSA-2024:0224
RHSA-2024:0225		https://access.redhat.com/errata/RHSA-2024:0225
RHSA-2024:0226		https://access.redhat.com/errata/RHSA-2024:0226
RHSA-2024:0228		https://access.redhat.com/errata/RHSA-2024:0228
RHSA-2024:0230		https://access.redhat.com/errata/RHSA-2024:0230
RHSA-2024:0231		https://access.redhat.com/errata/RHSA-2024:0231
RHSA-2024:0232		https://access.redhat.com/errata/RHSA-2024:0232
RHSA-2024:0233		https://access.redhat.com/errata/RHSA-2024:0233
RHSA-2024:0234		https://access.redhat.com/errata/RHSA-2024:0234
RHSA-2024:0235		https://access.redhat.com/errata/RHSA-2024:0235
RHSA-2024:0237		https://access.redhat.com/errata/RHSA-2024:0237
RHSA-2024:0239		https://access.redhat.com/errata/RHSA-2024:0239
RHSA-2024:0240		https://access.redhat.com/errata/RHSA-2024:0240
RHSA-2024:0241		https://access.redhat.com/errata/RHSA-2024:0241
RHSA-2024:0242		https://access.redhat.com/errata/RHSA-2024:0242
RHSA-2024:0244		https://access.redhat.com/errata/RHSA-2024:0244
RHSA-2024:0246		https://access.redhat.com/errata/RHSA-2024:0246
RHSA-2024:0247		https://access.redhat.com/errata/RHSA-2024:0247
RHSA-2024:0248		https://access.redhat.com/errata/RHSA-2024:0248
RHSA-2024:0249		https://access.redhat.com/errata/RHSA-2024:0249
RHSA-2024:0250		https://access.redhat.com/errata/RHSA-2024:0250
RHSA-2024:0265		https://access.redhat.com/errata/RHSA-2024:0265
RHSA-2024:0266		https://access.redhat.com/errata/RHSA-2024:0266
RHSA-2024:0267		https://access.redhat.com/errata/RHSA-2024:0267
RHSA-2024:1481		https://access.redhat.com/errata/RHSA-2024:1481
RHSA-2024:1482		https://access.redhat.com/errata/RHSA-2024:1482
USN-6660-1		https://usn.ubuntu.com/6660-1/
USN-6661-1		https://usn.ubuntu.com/6661-1/
USN-6662-1		https://usn.ubuntu.com/6662-1/
USN-6696-1		https://usn.ubuntu.com/6696-1/
USN-7096-1		https://usn.ubuntu.com/7096-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20945.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-20945

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpujan2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpujan2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpujan2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T20:14:33Z/ Found at https://www.oracle.com/security-alerts/cpujan2024.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.04904
EPSS Score	0.00024
Published At	April 19, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-01-16T23:46:38.430980+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2