First published: Thu Jan 11 2024(Updated: )
An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Controller | <=11.0.0 - 11.0.1 | |
Oracle GraalVM Enterprise Edition | =20.3.12 | |
Oracle GraalVM Enterprise Edition | =21.3.8 | |
Oracle GraalVM Enterprise Edition | =22.3.4 | |
Oracle GraalVM for JDK | =17.0.9 | |
Oracle GraalVM for JDK | =21.0.1 | |
Oracle Java SE 7 | =1.8.0-update391 | |
Oracle Java SE 7 | =1.8.0-update391 | |
Oracle Java SE 7 | =11.0.21 | |
Oracle Java SE 7 | =17.0.9 | |
Oracle Java SE 7 | =21.0.1 | |
Oracle JRE | =1.8.0-update391 | |
Oracle JRE | =1.8.0-update391 | |
Oracle JRE | =11.0.21 | |
Oracle JRE | =17.0.9 | |
Oracle JRE | =21.0.1 | |
NetApp Cloud Insights Acquisition Unit | ||
NetApp Cloud Insights Storage Workload Security Agent | ||
NetApp OnCommand Insight | ||
Debian Linux | =10.0 | |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.27~4ea-1 | |
debian/openjdk-17 | 17.0.12+7-2~deb11u1 17.0.14+7-1~deb11u1 17.0.14+7-1~deb12u1 17.0.15~4ea-1 17.0.15~5ea-1 | |
debian/openjdk-21 | 21.0.7~7ea-1 21.0.7~8ea-1 | |
debian/openjdk-8 | 8u442-ga-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-20926 has a high confidentiality impact severity level.
To fix CVE-2024-20926, update your Java SE installations to the patched versions provided by your vendor.
CVE-2024-20926 affects several products including Oracle GraalVM, OpenJDK, and IBM Cognos Controller.
Yes, CVE-2024-20926 can allow arbitrary Java code execution due to vulnerabilities in the Nashorn JavaScript engine.
Yes, remedial packages for CVE-2024-20926 are available for various OpenJDK versions from their respective distributors.