VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qsrv-1c1q-7fbd

Essentials
Severities (93)
References (54)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qsrv-1c1q-7fbd
Aliases	CVE-2024-21208
Summary	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Status	Published
Exploitability	0.5
Weighted Severity	4.5
Risk	2.2
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-130

Improper Handling of Length Parameter Inconsistency

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00093	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.00128	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
epss	0.004	https://api.first.org/data/v1/epss?cve=CVE-2024-21208
cvssv3.1	3.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	3.7	https://nvd.nist.gov/vuln/detail/CVE-2024-21208
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2024-21208
cvssv3.1	6.5	https://www.oracle.com/security-alerts/cpuoct2024.html
ssvc	Track	https://www.oracle.com/security-alerts/cpuoct2024.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-21208
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1085696		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696
2318526		https://bugzilla.redhat.com/show_bug.cgi?id=2318526
cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::*
cpe:2.3:a:oracle:java_se:11.0.24:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:::::::*
cpe:2.3:a:oracle:java_se:17.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:::::::*
cpe:2.3:a:oracle:java_se:21.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:::::::*
cpe:2.3:a:oracle:java_se:23:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:::::::*
cpe:2.3:a:oracle:java_se:8u421:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:::::::*
cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance:::
cpe:2.3:a:oracle:jdk:11.0.24:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.24:::::::*
cpe:2.3:a:oracle:jdk:17.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:17.0.12:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update421:::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update421:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update421:::enterprise_performance_pack:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update421:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:21.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:21.0.4:::::::*
cpe:2.3:a:oracle:jdk:23:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:23:::::::*
cpe:2.3:a:oracle:jre:11.0.24:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.24:::::::*
cpe:2.3:a:oracle:jre:17.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:17.0.12:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update421:::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update421:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update421:::enterprise_performance_pack:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update421:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:21.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:21.0.4:::::::*
cpe:2.3:a:oracle:jre:23:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:23:::::::*
cpuoct2024.html		https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-21208		https://nvd.nist.gov/vuln/detail/CVE-2024-21208
GLSA-202412-07		https://security.gentoo.org/glsa/202412-07
RHSA-2024:10926		https://access.redhat.com/errata/RHSA-2024:10926
RHSA-2024:8116		https://access.redhat.com/errata/RHSA-2024:8116
RHSA-2024:8117		https://access.redhat.com/errata/RHSA-2024:8117
RHSA-2024:8118		https://access.redhat.com/errata/RHSA-2024:8118
RHSA-2024:8119		https://access.redhat.com/errata/RHSA-2024:8119
RHSA-2024:8120		https://access.redhat.com/errata/RHSA-2024:8120
RHSA-2024:8121		https://access.redhat.com/errata/RHSA-2024:8121
RHSA-2024:8122		https://access.redhat.com/errata/RHSA-2024:8122
RHSA-2024:8123		https://access.redhat.com/errata/RHSA-2024:8123
RHSA-2024:8124		https://access.redhat.com/errata/RHSA-2024:8124
RHSA-2024:8125		https://access.redhat.com/errata/RHSA-2024:8125
RHSA-2024:8126		https://access.redhat.com/errata/RHSA-2024:8126
RHSA-2024:8127		https://access.redhat.com/errata/RHSA-2024:8127
RHSA-2024:8128		https://access.redhat.com/errata/RHSA-2024:8128
RHSA-2024:8129		https://access.redhat.com/errata/RHSA-2024:8129
USN-7096-1		https://usn.ubuntu.com/7096-1/
USN-7097-1		https://usn.ubuntu.com/7097-1/
USN-7098-1		https://usn.ubuntu.com/7098-1/
USN-7099-1		https://usn.ubuntu.com/7099-1/
USN-7124-1		https://usn.ubuntu.com/7124-1/
USN-7338-1		https://usn.ubuntu.com/7338-1/
USN-7339-1		https://usn.ubuntu.com/7339-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21208

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21208

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpuoct2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:36:39Z/ Found at https://www.oracle.com/security-alerts/cpuoct2024.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.18047
EPSS Score	0.00046
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-10-16T13:32:24.070021+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-21208	34.0.2