Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-21147
CVE-2024-21147:
Amazon Corretto JDK vulnerability analysis and mitigation
Overview
CVE-2024-21147 is a vulnerability affecting Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products, specifically in the Hotspot component. The affected versions include Oracle Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1; and Oracle GraalVM Enterprise Edition versions 20.3.14 and 21.3.10. The vulnerability was disclosed in July 2024 as part of Oracle's Critical Patch Update (Oracle CPU).
Technical details
The vulnerability is characterized as a RangeCheckElimination array index overflow issue in the Hotspot component. It has been assigned a CVSS 3.1 Base Score of 7.4 (High severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. This indicates that while the vulnerability is difficult to exploit, it can be accessed remotely without requiring authentication or user interaction (Oracle CPU, NVD).
Impact
Successful exploitation of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Java SE accessible data, as well as unauthorized access to critical data or complete access to all Oracle Java SE accessible data. The vulnerability can be exploited through APIs in the specified Component, such as through a web service which supplies data to the APIs (Oracle CPU).
Mitigation and workarounds
Oracle has released patches for the affected versions as part of its July 2024 Critical Patch Update. Users are strongly recommended to apply these security patches as soon as possible. For systems running OpenJDK, Red Hat has also released corresponding security updates for their Java packages, and all running instances of OpenJDK Java must be restarted for the updates to take effect (Red Hat Advisory).
Community reactions
Multiple vendors have responded to this vulnerability by releasing their own advisories and patches. NetApp has issued an advisory (NTAP-20240719-0008) detailing the impact on their products and providing specific remediation guidance for affected systems (NetApp Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management