PT-2024-9760 · Oracle+10 · Oracle Java Se+11

Published

2024-10-15

·

Updated

2026-05-08

·

CVE-2024-21210

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421 through 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23
Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, resulting in unauthorized update, insert, or delete access to some of Oracle Java SE's accessible data. This can be exploited by using APIs in the specified component, for example, through a web service that supplies data to the APIs. The vulnerability also applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security.
Recommendations For Oracle Java SE versions 8u421 and 8u421-perf, update to a version that includes the fix for this issue. For Oracle Java SE version 11.0.24, update to a version that includes the fix for this issue. For Oracle Java SE version 17.0.12, update to a version that includes the fix for this issue. For Oracle Java SE version 21.0.4, update to a version that includes the fix for this issue. For Oracle Java SE version 23, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to APIs in the Hotspot component to minimize the risk of exploitation.

Exploit

Fix

Side Channel Attack

Weakness Enumeration

CWE-203

Related Identifiers

ALSA-2024:8117
ALSA-2024:8121
ALSA-2024:8124
ALSA-2024:8127
ALT-PU-2024-16502
ALT-PU-2024-16506
ALT-PU-2024-16508
ALT-PU-2024-16693
ALT-PU-2024-16698
ALT-PU-2024-16760
ALT-PU-2024-17262
ALT-PU-2024-17645
ALT-PU-2024-17647
ALT-PU-2024-17648
ALT-PU-2025-1037
ALT-PU-2025-2309
ALT-PU-2025-2383
ALT-PU-2025-6317
BDU:2024-11498
BIT-JAVA-2024-21210
BIT-JAVA-MIN-2024-21210
BIT-JRE-2024-21210
CESA-2024_10926
CESA-2024_8117
CESA-2024_8121
CESA-2024_8124
CESA-2024_8127
CVE-2024-21210
DLA-3927-1
DLA-3929-1
DSA-5794-1
INFSA-2024_8117
INFSA-2024_8121
INFSA-2024_8124
INFSA-2024_8127
MGASA-2024-0364
OESA-2024-2391
OESA-2024-2392
OESA-2024-2393
OESA-2024-2394
OESA-2024-2442
OESA-2024-2450
OESA-2024-2451
OESA-2024-2452
OESA-2024-2453
OESA-2024-2485
OESA-2024-2486
OESA-2024-2487
OESA-2024-2488
OESA-2024-2489
OESA-2025-1251
OPENSUSE-SU-2024:14432-1
OPENSUSE-SU-2024:14448-1
OPENSUSE-SU-2024:14449-1
OPENSUSE-SU-2024:14453-1
OPENSUSE-SU-2024:14465-1
OPENSUSE-SU-2024_3875-1
OPENSUSE-SU-2024_3963-1
OPENSUSE-SU-2024_4202-1
OPENSUSE-SU-2024_4306-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
OPENSUSE-SU-2025_0435-1
RHSA-2024:10926
RHSA-2024:8116
RHSA-2024:8117
RHSA-2024:8120
RHSA-2024:8121
RHSA-2024:8124
RHSA-2024:8127
RHSA-2024_10926
RHSA-2024_8117
RHSA-2024_8121
RHSA-2024_8124
RHSA-2024_8127
RLSA-2024:8117
RLSA-2024:8121
RLSA-2024:8124
RLSA-2024:8127
ROSA-SA-2025-2789
ROSA-SA-2025-2790
SUSE-SU-2024:3802-1
SUSE-SU-2024:3875-1
SUSE-SU-2024:3954-1
SUSE-SU-2024:3963-1
SUSE-SU-2024:3987-1
SUSE-SU-2024:4202-1
SUSE-SU-2024:4252-1
SUSE-SU-2024:4306-1
SUSE-SU-2025:0435-1
USN-7096-1
USN-7096-2
USN-7097-1
USN-7098-1
USN-7099-1
USN-7124-1
USN-7338-1
USN-7339-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Java Platform
Linuxmint
Oracle Java Se
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu