Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-21144 (GCVE-0-2024-21144)
Vulnerability from cvelistv5 – Published: 2024-07-16 22:39 – Updated: 2025-03-25 16:48
VLAI
EPSS
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Severity
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpujul2024.html | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2024071… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:8u411
Affected: Oracle Java SE:8u411-perf Affected: Oracle Java SE:11.0.23 Affected: Oracle GraalVM Enterprise Edition:20.3.14 Affected: Oracle GraalVM Enterprise Edition:21.3.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:20:24.869765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:48:54.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:13:42.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u411"
},
{
"status": "affected",
"version": "Oracle Java SE:8u411-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.23"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.14"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:18.095Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21144",
"datePublished": "2024-07-16T22:39:58.306Z",
"dateReserved": "2023-12-07T22:28:10.683Z",
"dateUpdated": "2025-03-25T16:48:54.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21144",
"date": "2026-05-27",
"epss": "0.00049",
"percentile": "0.15506"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21144\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-07-16T23:15:15.810\",\"lastModified\":\"2024-12-16T20:13:40.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Concurrencia). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 y 21.3.10. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n base 3.7 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:-:*:*:*\",\"matchCriteriaId\":\"B43C161D-E6DE-402A-831E-4F8BB9B75826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"54DCB9FD-A3FB-4901-A13F-9064921C77C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F9B73E-696B-4F6B-A019-83A68179E422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:-:*:*:*\",\"matchCriteriaId\":\"9A51F12C-42D0-41BC-A9DB-F2934BA1384B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update411:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"F70BAD0D-1601-4C61-B6B2-1A1DBB48B067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A5200E-E144-4C02-BAAB-8EAF734EEC5F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.14:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"AA5074F2-F35B-499E-A181-E272449B044D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.10:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"39F28D35-48E1-450D-884A-D2578C99E8EC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0007/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2024.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujul2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:13:42.672Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21144\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-17T14:20:24.869765Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-17T14:20:32.085Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java SE JDK and JRE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:8u411\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:8u411-perf\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:11.0.23\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.14\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.10\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujul2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0007/\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-07-19T13:06:18.095Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21144\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-25T16:48:54.241Z\", \"dateReserved\": \"2023-12-07T22:28:10.683Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-07-16T22:39:58.306Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2024:4563
Vulnerability from osv_almalinux
Published
2024-07-17 00:00
Modified
2024-07-26 15:12
Summary
Important: java-1.8.0-openjdk security update
Details
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
- OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
- OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
- OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
- OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)
- OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.422.b05-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)\n* OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)\n* OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)\n* OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)\n* OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)\n* OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4563",
"modified": "2024-07-26T15:12:19Z",
"published": "2024-07-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4563"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21131"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21138"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21140"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21144"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21145"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21147"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297961"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297976"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297977"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-4563.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-4563.html"
}
],
"related": [
"CVE-2024-21147",
"CVE-2024-21131",
"CVE-2024-21138",
"CVE-2024-21140",
"CVE-2024-21144",
"CVE-2024-21145"
],
"summary": "Important: java-1.8.0-openjdk security update"
}
alsa-2024:4567
Vulnerability from osv_almalinux
Published
2024-07-16 00:00
Modified
2024-07-26 15:21
Summary
Important: java-11-openjdk security update
Details
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
- OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
- OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
- OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
- OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
- OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)
- OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-11-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-11-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:11.0.24.0.8-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)\n* OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)\n* OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)\n* OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)\n* OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)\n* OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4567",
"modified": "2024-07-26T15:21:27Z",
"published": "2024-07-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4567"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21131"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21138"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21140"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21144"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21145"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-21147"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297961"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297976"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297977"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-4567.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-4567.html"
}
],
"related": [
"CVE-2024-21147",
"CVE-2024-21131",
"CVE-2024-21138",
"CVE-2024-21140",
"CVE-2024-21144",
"CVE-2024-21145"
],
"summary": "Important: java-11-openjdk security update"
}
BDU:2024-06285
Vulnerability from fstec - Published: 16.07.2024
VLAI
Title
Уязвимость компонента Concurrency виртуальных машин Oracle GraalVM Enterprise Edition и программной платформы Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента Concurrency виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Red Hat Inc., Novell Inc., NetApp Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», Oracle Corp., Axiom JDK, АО "НППКТ"
Software Name
Red Hat Enterprise Linux, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, OnCommand Workflow Automation, openSUSE Tumbleweed, Ubuntu, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), SUSE Linux Enterprise High Performance Computing, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, SUSE Enterprise Storage, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Package Hub, SUSE Liberty Linux, GraalVM Enterprise Edition, Java SE, Red Hat build of OpenJDK, Axiom AxiomJDK, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7 (Red Hat Enterprise Linux), 15.5 (OpenSUSE Leap), 8 (Red Hat Enterprise Linux), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), - (OnCommand Workflow Automation), - (openSUSE Tumbleweed), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 7.1 (SUSE Enterprise Storage), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Legacy Software), 18.04 ESM (Ubuntu), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), 9 (SUSE Liberty Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 8 (SUSE Liberty Linux), 15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Package Hub), 24.04 LTS (Ubuntu), 15.6 (OpenSUSE Leap), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 20.3.14 (GraalVM Enterprise Edition), 21.3.10 (GraalVM Enterprise Edition), 8u411 (Java SE), 8u411-perf (Java SE), 11.0.23 (Java SE), 11.0.24 (Red Hat build of OpenJDK), 8u422 (Red Hat build of OpenJDK), 7 Extended Lifecycle Support (Red Hat Enterprise Linux), 15 SP6 (SUSE Linux Enterprise Module for Legacy Software), до 8u422 (Axiom AxiomJDK), до 11.0.24 (Axiom AxiomJDK), до 2.13 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujul2024.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-21144
Для программных продуктов NetApp Inc.:
https://security.netapp.com/advisory/ntap-20240719-0007/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-21144
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-21144.html
Для Ubuntu:
https://ubuntu.com/security/notices/USN-6930-1
https://ubuntu.com/security/notices/USN-6929-1
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для AxiomJDK:
https://axiomjdk.ru/pages/downloads/
Обновление программного обеспечения openjdk-11 до версии 11.0.27+6.repack-1~deb11u1.osnova2u1
Reference
https://www.oracle.com/security-alerts/cpujul2024.html
https://security.netapp.com/advisory/ntap-20240719-0007/
https://vuldb.com/ru/?id.271740
https://security-tracker.debian.org/tracker/CVE-2024-21144
https://access.redhat.com/security/cve/CVE-2024-21144
https://www.suse.com/security/cve/CVE-2024-21144.html
https://ubuntu.com/security/notices/USN-6930-1
https://ubuntu.com/security/notices/USN-6929-1
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://axiomjdk.ru/pages/downloads/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/
CWE
CWE-404
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., NetApp Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Oracle Corp., Axiom JDK, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 15.5 (OpenSUSE Leap), 8 (Red Hat Enterprise Linux), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), - (OnCommand Workflow Automation), - (openSUSE Tumbleweed), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 7.1 (SUSE Enterprise Storage), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Legacy Software), 18.04 ESM (Ubuntu), 8.4 Telecommunications Update Service (Red Hat Enterprise Linux), 8.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), 9 (SUSE Liberty Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 8 (SUSE Liberty Linux), 15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Package Hub), 24.04 LTS (Ubuntu), 15.6 (OpenSUSE Leap), 9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 20.3.14 (GraalVM Enterprise Edition), 21.3.10 (GraalVM Enterprise Edition), 8u411 (Java SE), 8u411-perf (Java SE), 11.0.23 (Java SE), 11.0.24 (Red Hat build of OpenJDK), 8u422 (Red Hat build of OpenJDK), 7 Extended Lifecycle Support (Red Hat Enterprise Linux), 15 SP6 (SUSE Linux Enterprise Module for Legacy Software), \u0434\u043e 8u422 (Axiom AxiomJDK), \u0434\u043e 11.0.24 (Axiom AxiomJDK), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujul2024.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-21144\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 NetApp Inc.:\nhttps://security.netapp.com/advisory/ntap-20240719-0007/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-21144\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-21144.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6930-1\nhttps://ubuntu.com/security/notices/USN-6929-1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f AxiomJDK:\nhttps://axiomjdk.ru/pages/downloads/\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjdk-11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 11.0.27+6.repack-1~deb11u1.osnova2u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.07.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.08.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06285",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21144",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, OnCommand Workflow Automation, openSUSE Tumbleweed, Ubuntu, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Linux Enterprise High Performance Computing, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, SUSE Enterprise Storage, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Package Hub, SUSE Liberty Linux, GraalVM Enterprise Edition, Java SE, Red Hat build of OpenJDK, Axiom AxiomJDK, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , Novell Inc. OpenSUSE Leap 15.5 , Microsoft Corp Windows - , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , Novell Inc. openSUSE Tumbleweed - , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , Canonical Ltd. Ubuntu 18.04 ESM , Red Hat Inc. Red Hat Enterprise Linux 8.4 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support , Novell Inc. SUSE Liberty Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support , Novell Inc. SUSE Liberty Linux 8 , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Canonical Ltd. Ubuntu 24.04 LTS , Novell Inc. OpenSUSE Leap 15.6 , Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , Red Hat Inc. Red Hat Enterprise Linux 7 Extended Lifecycle Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Concurrency \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Oracle GraalVM Enterprise Edition \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Concurrency \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpujul2024.html\nhttps://security.netapp.com/advisory/ntap-20240719-0007/\nhttps://vuldb.com/ru/?id.271740\nhttps://security-tracker.debian.org/tracker/CVE-2024-21144\nhttps://access.redhat.com/security/cve/CVE-2024-21144\nhttps://www.suse.com/security/cve/CVE-2024-21144.html\nhttps://ubuntu.com/security/notices/USN-6930-1\nhttps://ubuntu.com/security/notices/USN-6929-1\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://axiomjdk.ru/pages/downloads/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,6)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)"
}
bit-java-2024-21144
Vulnerability from bitnami_vulndb
Published
2026-05-06 14:44
Modified
2026-05-08 06:11
Summary
Details
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "java",
"purl": "pkg:bitnami/java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.421"
},
{
"introduced": "9.0.0"
},
{
"fixed": "11.0.24"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2024-21144"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"
],
"severity": "Low"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"id": "BIT-java-2024-21144",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-06T14:44:38.790Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21144"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-07-16"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240719-0007/"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"schema_version": "1.6.2"
}
bit-jre-2024-21144
Vulnerability from bitnami_vulndb
Published
2026-05-08 05:46
Modified
2026-05-08 06:11
Summary
Details
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jre",
"purl": "pkg:bitnami/jre"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.421"
},
{
"introduced": "9.0.0"
},
{
"fixed": "11.0.24"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2024-21144"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajre:*:*:*:*:*:*:*:*"
],
"severity": "Low"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"id": "BIT-jre-2024-21144",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-08T05:46:15.285Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21144"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-07-16"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240719-0007/"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"schema_version": "1.6.2"
}
CERTFR-2024-AVI-0594
Vulnerability from certfr_avis - Published: 2024-07-17 - Updated: 2024-07-17
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Java SE versions 11.x antérieures à 11.0.24, versions 17.x antérieures à 17.0.12, versions 21.x antérieures à 21.0.4 et versions 22.x antérieures à 22.0.2 | ||
| Oracle | Java SE | GraalVM for JDK versions 17.x antérieures à 17.0.12, versions 21.x antérieures à 21.0.4 et versions 22.x antérieures à 22.0.2 | ||
| Oracle | Java SE | GraalVM Enterprise Edition versions 20.x antérieures à 20.3.15 et versions 21.x antérieures à 21.3.11 | ||
| Oracle | Java SE | Java SE versions 8u411 et 8u411-perf sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Java SE versions 11.x ant\u00e9rieures \u00e0 11.0.24, versions 17.x ant\u00e9rieures \u00e0 17.0.12, versions 21.x ant\u00e9rieures \u00e0 21.0.4 et versions 22.x ant\u00e9rieures \u00e0 22.0.2",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "GraalVM for JDK versions 17.x ant\u00e9rieures \u00e0 17.0.12, versions 21.x ant\u00e9rieures \u00e0 21.0.4 et versions 22.x ant\u00e9rieures \u00e0 22.0.2 ",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "GraalVM Enterprise Edition versions 20.x ant\u00e9rieures \u00e0 20.3.15 et versions 21.x ant\u00e9rieures \u00e0 21.3.11",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Java SE versions 8u411 et 8u411-perf sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
}
],
"initial_release_date": "2024-07-17T00:00:00",
"last_revision_date": "2024-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0594",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024verbose",
"url": "https://www.oracle.com/security-alerts/cpujul2024verbose.html#JAVA"
}
]
}
CERTFR-2024-AVI-0692
Vulnerability from certfr_avis - Published: 2024-08-16 - Updated: 2024-08-16
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | Security QRadar EDR versions 3.12.x antérieures à 3.12.10 | ||
| IBM | WebSphere | IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions antérieures à 8 Service Refresh 8 FP30 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.2.x à 7.5.x antérieures à 7.5.3 | ||
| IBM | Db2 | Db2 versions 11.5.x sans le dernier correctif de sécurité | ||
| IBM | AIX | AIX version 7.3 avec un version de Python 3.9 antérieure à 3.9.19.2 | ||
| IBM | QRadar SIEM | QRadar Suite versions 1.10.x antérieures à 1.10.24.0 | ||
| IBM | VIOS | VIOS version 4.1 avec un version de Python 3.9 antérieure à 3.9.19.2 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x antérieures à 8.5.5.11 ou sans le correctif de sécurité temporaire PH62458 | ||
| IBM | Sterling Connect:Direct | Sterling Control Center versions 6.2.x antérieures à 6.2.1.0 GA iFix13 | ||
| IBM | Sterling Connect:Direct | Sterling Control Center versions 6.3.x antérieures à 6.3.1.0 GA iFix02 | ||
| IBM | Cognos Analytics | Cognos Dashboards on Cloud Pak for Data versions antérieures à 5.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.10",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions ant\u00e9rieures \u00e0 8 Service Refresh 8 FP30",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.2.x \u00e0 7.5.x ant\u00e9rieures \u00e0 7.5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite versions 1.10.x ant\u00e9rieures \u00e0 1.10.24.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.11 ou sans le correctif de s\u00e9curit\u00e9 temporaire PH62458",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.x ant\u00e9rieures \u00e0 6.2.1.0 GA iFix13",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.x ant\u00e9rieures \u00e0 6.3.1.0 GA iFix02",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0.0",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-23613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23613"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2023-29256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-30431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-25024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25024"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-35012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-27869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2023-27868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-37168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37168"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-41917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41917"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2024-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22233"
},
{
"name": "CVE-2023-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
},
{
"name": "CVE-2023-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-30442",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"name": "CVE-2023-27867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-30448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-27558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
},
{
"name": "CVE-2023-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-36046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2024-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2023-23487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-28799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28799"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2023-23612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23612"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2024-08-16T00:00:00",
"last_revision_date": "2024-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0692",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-08-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165247",
"url": "https://www.ibm.com/support/pages/node/7165247"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165360",
"url": "https://www.ibm.com/support/pages/node/7165360"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165340",
"url": "https://www.ibm.com/support/pages/node/7165340"
},
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165344",
"url": "https://www.ibm.com/support/pages/node/7165344"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165423",
"url": "https://www.ibm.com/support/pages/node/7165423"
},
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165284",
"url": "https://www.ibm.com/support/pages/node/7165284"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165362",
"url": "https://www.ibm.com/support/pages/node/7165362"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165364",
"url": "https://www.ibm.com/support/pages/node/7165364"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165363",
"url": "https://www.ibm.com/support/pages/node/7165363"
},
{
"published_at": "2024-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165488",
"url": "https://www.ibm.com/support/pages/node/7165488"
},
{
"published_at": "2024-08-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7165685",
"url": "https://www.ibm.com/support/pages/node/7165685"
}
]
}
CERTFR-2024-AVI-0797
Vulnerability from certfr_avis - Published: 2024-09-20 - Updated: 2024-09-20
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | Spectrum Control versions 5.4.x antérieures à 5.4.12.1 | ||
| IBM | Db2 | DB2 Query Management Facility pour z/OS versions 12.2 et 13.1 sans la dernière version du JRE | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9 IF03 | ||
| IBM | AIX | AIX version 7.3 avec Python versions 3.9.x antérieures à 3.9.19.3 | ||
| IBM | VIOS | VIOS version 4.1 avec Python versions 3.9.x antérieures à 3.9.19.3 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.12.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility pour z/OS versions 12.2 et 13.1 sans la derni\u00e8re version du JRE",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 avec Python versions 3.9.x ant\u00e9rieures \u00e0 3.9.19.3",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec Python versions 3.9.x ant\u00e9rieures \u00e0 3.9.19.3",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2024-09-20T00:00:00",
"last_revision_date": "2024-09-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0797",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7168925",
"url": "https://www.ibm.com/support/pages/node/7168925"
},
{
"published_at": "2024-09-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7168815",
"url": "https://www.ibm.com/support/pages/node/7168815"
},
{
"published_at": "2024-09-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7168787",
"url": "https://www.ibm.com/support/pages/node/7168787"
},
{
"published_at": "2024-09-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7168639",
"url": "https://www.ibm.com/support/pages/node/7168639"
}
]
}
CERTFR-2024-AVI-0841
Vulnerability from certfr_avis - Published: 2024-10-04 - Updated: 2024-10-04
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | Cloud Application Business Insights versions 1.1.8.x sans le correctif de sécurité ICABI FixPack 1.1.8.5 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.0.3 | ||
| IBM | N/A | Cloud Application Business Insights versions 1.1.7.x sans le correctif de sécurité ICABI FixPack 1.1.7.10 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.0.3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Application Business Insights versions 1.1.8.x sans le correctif de s\u00e9curit\u00e9 ICABI FixPack 1.1.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Application Business Insights versions 1.1.7.x sans le correctif de s\u00e9curit\u00e9 ICABI FixPack 1.1.7.10",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2023-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25613"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-39249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39249"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-41993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41993"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2024-23653",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23653"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-23651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23651"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2022-34038",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34038"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-23652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23652"
},
{
"name": "CVE-2024-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3727"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2024-10-04T00:00:00",
"last_revision_date": "2024-10-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0841",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7171677",
"url": "https://www.ibm.com/support/pages/node/7171677"
},
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7171704",
"url": "https://www.ibm.com/support/pages/node/7171704"
}
]
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: 2024-10-25 - Updated: 2024-10-25
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"initial_release_date": "2024-10-25T00:00:00",
"last_revision_date": "2024-10-25T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…