Vulnerability-Lookup

CVE-2024-21235 (GCVE-0-2024-21235)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:53

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T14:30:43.618436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T17:00:08.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:53:14.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:46.900Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21235",
    "datePublished": "2024-10-15T19:52:46.900Z",
    "dateReserved": "2023-12-07T22:28:10.698Z",
    "dateUpdated": "2025-11-03T21:53:14.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-21235",
      "date": "2026-05-29",
      "epss": "0.00171",
      "percentile": "0.38064"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21235\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-10-15T20:15:12.643\",\"lastModified\":\"2025-11-03T22:16:43.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles afectadas son Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a lecturas de un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuaci\u00f3n base de CVSS 3.1: 4,8 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"93A899CF-69C5-46A3-BE20-E9F128FB079E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"44A007AC-88D1-4F18-B1AD-C69600AD643C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDDE5C6D-036C-42FC-BD31-366175914F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4162209C-031A-4AD9-9F19-445236332DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD0AB0E-208D-4856-9F31-3A4BB5213FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:-:*:*:*\",\"matchCriteriaId\":\"9C681771-C202-4A4A-A357-A18286023C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"EBBF3C52-6ACD-45F4-9245-719AC2A96473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"199C19B3-D4FC-4925-A249-9889242B7452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0161CF7-985D-4832-B2DC-90CC1F9CB1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21DC98DB-A180-4E74-9049-427B60AA574A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9137A4EB-820C-4F05-983A-5534CFB0E019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:-:*:*:*\",\"matchCriteriaId\":\"C3128079-D0DB-4708-B3C9-74B6A7CCAB98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update421:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"BDA0765B-413B-4FFF-BC00-94C84FE4BFBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FE84109-8702-41A7-B18A-C399737EBF27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EB0A022-55BA-4968-A7CE-619BF1389981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:21.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F12FD7-FB8A-4420-83D2-6C94A787A841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5792796D-D244-4382-8DE2-30359F5CD9CD\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2024.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:53:14.636Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21235\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-16T14:30:43.618436Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-16T14:30:48.664Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*\", \"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*\", \"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*\", \"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Java SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:8u421\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:8u421-perf\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:11.0.24\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:17.0.12\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:21.0.4\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.15\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.11\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-10-15T19:52:46.900Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21235\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:53:14.636Z\", \"dateReserved\": \"2023-12-07T22:28:10.698Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-10-15T19:52:46.900Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-0580

Vulnerability from csaf_certbund - Published: 2025-03-17 23:00 - Updated: 2025-08-21 22:00

Summary

IBM License Metric Tool: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.

Angriff: Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2024-10917

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-12797

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21208

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21210

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21217

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-21235

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-45296

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-52798

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2024-57965

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-27111

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-27152

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

CVE-2025-25184

Affected products

Known affected 4 products

Product	Identifier	Version
HCL BigFix Compliance HCL / BigFix	`cpe:/a:hcltech:bigfix:compliance`	Compliance
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
IBM License Metric Tool <9.2.39 IBM / License Metric Tool		<9.2.39

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7186586	external
https://advisories.gitlab.com/pkg/gem/rack/CVE-20…	external
https://github.com/advisories/GHSA-rhx6-c78j-4q9w	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://www.ibm.com/support/pages/node/7242813	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0580 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0580 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-03-17",
        "url": "https://www.ibm.com/support/pages/node/7186586"
      },
      {
        "category": "external",
        "summary": "POC f\u00fcr CVE-2025-25184",
        "url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
      },
      {
        "category": "external",
        "summary": "POC f\u00fcr CVE-2024-52798",
        "url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0120960 vom 2025-05-02",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7242813 vom 2025-08-21",
        "url": "https://www.ibm.com/support/pages/node/7242813"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM License Metric Tool: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-22T07:46:14.099+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0580",
      "initial_release_date": "2025-03-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-08-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Compliance",
                "product": {
                  "name": "HCL BigFix Compliance",
                  "product_id": "T038823",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:bigfix:compliance"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.39",
                "product": {
                  "name": "IBM License Metric Tool \u003c9.2.39",
                  "product_id": "T041960"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.39",
                "product": {
                  "name": "IBM License Metric Tool 9.2.39",
                  "product_id": "T041960-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "License Metric Tool"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.6",
                "product": {
                  "name": "IBM Rational Business Developer 9.6",
                  "product_id": "T023629",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.7",
                "product": {
                  "name": "IBM Rational Business Developer 9.7",
                  "product_id": "T023630",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Business Developer"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10917",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-10917"
    },
    {
      "cve": "CVE-2024-12797",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-12797"
    },
    {
      "cve": "CVE-2024-21208",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21217",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-45296",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-45296"
    },
    {
      "cve": "CVE-2024-52798",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-52798"
    },
    {
      "cve": "CVE-2024-57965",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2024-57965"
    },
    {
      "cve": "CVE-2025-27111",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-27111"
    },
    {
      "cve": "CVE-2025-27152",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-27152"
    },
    {
      "cve": "CVE-2025-25184",
      "product_status": {
        "known_affected": [
          "T038823",
          "T023630",
          "T023629",
          "T041960"
        ]
      },
      "release_date": "2025-03-17T23:00:00.000+00:00",
      "title": "CVE-2025-25184"
    }
  ]
}

WID-SEC-W-2025-0794

Vulnerability from csaf_certbund - Published: 2025-04-13 22:00 - Updated: 2025-09-04 22:00

Summary

Juniper Junos Space: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erhöhen, um einen Denial of Service Zustand herbeizuführen und um andere, nicht näher spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Juniper Appliance

CVE-2021-47596

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2022-24808

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2022-39253

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-28746

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-48161

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2023-6597

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-0450

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-1737

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-1975

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21208

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21210

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21217

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21235

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-21823

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-23271

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26735

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26852

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-26993

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27052

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27820

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27838

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-27851

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-28182

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-2961

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32002

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32004

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32020

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32021

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-32465

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33599

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33600

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33601

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-33602

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-35845

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-35899

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-3651

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-3652

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-36971

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-39487

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-4076

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40782

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40789

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40866

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40954

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-40958

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-42284

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-42472

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-44187

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-6232

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2024-7006

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Juniper Junos Space <24.1R3 Juniper / Junos Space		<24.1R3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://supportportal.juniper.net/s/article/2025-…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2025-2987.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Zustand herbeizuf\u00fchren und um andere, nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0794 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0794.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0794 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0794"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA96447 vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release?language=en_US"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20047-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021306.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2987 vom 2025-09-04",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2987.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Junos Space: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-05T07:11:18.754+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0794",
      "initial_release_date": "2025-04-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R3",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R3",
                  "product_id": "T042758"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R3",
                "product": {
                  "name": "Juniper Junos Space 24.1R3",
                  "product_id": "T042758-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-47596",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2021-47596"
    },
    {
      "cve": "CVE-2022-24808",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2022-24808"
    },
    {
      "cve": "CVE-2022-39253",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2022-39253"
    },
    {
      "cve": "CVE-2023-28746",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-28746"
    },
    {
      "cve": "CVE-2023-48161",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-48161"
    },
    {
      "cve": "CVE-2023-6597",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2024-0450",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-1737",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-1737"
    },
    {
      "cve": "CVE-2024-1975",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-1975"
    },
    {
      "cve": "CVE-2024-21208",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21217",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-21823",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-21823"
    },
    {
      "cve": "CVE-2024-23271",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-23271"
    },
    {
      "cve": "CVE-2024-26735",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26735"
    },
    {
      "cve": "CVE-2024-26852",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26852"
    },
    {
      "cve": "CVE-2024-26993",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-26993"
    },
    {
      "cve": "CVE-2024-27052",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27052"
    },
    {
      "cve": "CVE-2024-27820",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27820"
    },
    {
      "cve": "CVE-2024-27838",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27838"
    },
    {
      "cve": "CVE-2024-27851",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-27851"
    },
    {
      "cve": "CVE-2024-28182",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-2961",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-32002",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32002"
    },
    {
      "cve": "CVE-2024-32004",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32004"
    },
    {
      "cve": "CVE-2024-32020",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32020"
    },
    {
      "cve": "CVE-2024-32021",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32021"
    },
    {
      "cve": "CVE-2024-32465",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-32465"
    },
    {
      "cve": "CVE-2024-33599",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33600",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33600"
    },
    {
      "cve": "CVE-2024-33601",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33601"
    },
    {
      "cve": "CVE-2024-33602",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-33602"
    },
    {
      "cve": "CVE-2024-35845",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-35845"
    },
    {
      "cve": "CVE-2024-35899",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-35899"
    },
    {
      "cve": "CVE-2024-3651",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-3651"
    },
    {
      "cve": "CVE-2024-3652",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-3652"
    },
    {
      "cve": "CVE-2024-36971",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-36971"
    },
    {
      "cve": "CVE-2024-39487",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-39487"
    },
    {
      "cve": "CVE-2024-4076",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-4076"
    },
    {
      "cve": "CVE-2024-40782",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40782"
    },
    {
      "cve": "CVE-2024-40789",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40789"
    },
    {
      "cve": "CVE-2024-40866",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40866"
    },
    {
      "cve": "CVE-2024-40954",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40954"
    },
    {
      "cve": "CVE-2024-40958",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-40958"
    },
    {
      "cve": "CVE-2024-42284",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-42284"
    },
    {
      "cve": "CVE-2024-42472",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-42472"
    },
    {
      "cve": "CVE-2024-44187",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-44187"
    },
    {
      "cve": "CVE-2024-6232",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-6232"
    },
    {
      "cve": "CVE-2024-7006",
      "product_status": {
        "known_affected": [
          "T002207",
          "T042758",
          "398363"
        ]
      },
      "release_date": "2025-04-13T22:00:00.000+00:00",
      "title": "CVE-2024-7006"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21235 (GCVE-0-2024-21235)

WID-SEC-W-2025-0580

WID-SEC-W-2025-0794

Tags

Sightings

Nomenclature