What is the severity of CVE-2024-21144?

CVE-2024-21144 is classified as having a low availability impact due to an unspecified vulnerability in Java SE's Concurrency component.

How do I fix CVE-2024-21144?

To mitigate CVE-2024-21144, it is recommended to apply the latest security patches provided by your software vendor.

Which versions are affected by CVE-2024-21144?

CVE-2024-21144 affects multiple versions of IBM Sterling Secure Proxy and various OpenJDK packages, particularly those before specified patched versions.

Is there a known exploit for CVE-2024-21144?

There are currently no public exploits known for CVE-2024-21144, but it is advisable to mitigate the risk as a precaution.

What software does CVE-2024-21144 impact?

CVE-2024-21144 impacts Java SE and software relying on it, including IBM Sterling Secure Proxy and OpenJDK versions.

Vulnerability/
CVE-2024-21144

low

3.7

15/7/2024

16/7/2024

20/2/2025

CVE-2024-21144

First published: Mon Jul 15 2024(Updated: )

An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.26+4-1
debian/openjdk-8		8u442-ga-1
IBM Cognos Controller	<=11.0.0 - 11.0.1 FP3
IBM Cognos Controller	<=11.1.0
Oracle OpenJDK 1.8.0	=1.8.0-update411
Oracle OpenJDK 1.8.0	=1.8.0-update411
Oracle OpenJDK 1.8.0	=11.0.23
Oracle JRE	=1.8.0-update411
Oracle JRE	=1.8.0-update411
Oracle JRE	=11.0.23
Oracle GraalVM Enterprise Edition	=20.3.14
Oracle GraalVM Enterprise Edition	=21.3.10
NetApp OnCommand Workflow Automation

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183597

Frequently Asked Questions

What is the severity of CVE-2024-21144?
CVE-2024-21144 is classified as having a low availability impact due to an unspecified vulnerability in Java SE's Concurrency component.
How do I fix CVE-2024-21144?
To mitigate CVE-2024-21144, it is recommended to apply the latest security patches provided by your software vendor.
Which versions are affected by CVE-2024-21144?
CVE-2024-21144 affects multiple versions of IBM Sterling Secure Proxy and various OpenJDK packages, particularly those before specified patched versions.
Is there a known exploit for CVE-2024-21144?
There are currently no public exploits known for CVE-2024-21144, but it is advisable to mitigate the risk as a precaution.
What software does CVE-2024-21144 impact?
CVE-2024-21144 impacts Java SE and software relying on it, including IBM Sterling Secure Proxy and OpenJDK versions.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-21144
agent/severity
collector/usn-cve
source/Ubuntu
agent/description
agent/trending
agent/source
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/references
agent/event
agent/last-modified-date
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
package-manager/debian
vendor/oracle
canonical/oracle openjdk 1.8.0
version/oracle openjdk 1.8.0/1.8.0-update411
version/oracle openjdk 1.8.0/11.0.23
canonical/oracle jre
version/oracle jre/1.8.0-update411
version/oracle jre/11.0.23
canonical/oracle graalvm enterprise edition
version/oracle graalvm enterprise edition/20.3.14
version/oracle graalvm enterprise edition/21.3.10
vendor/netapp
canonical/netapp oncommand workflow automation
vendor/ibm
canonical/ibm cognos controller
version/ibm cognos controller/11.0.0 - 11.0.1 fp3
version/ibm cognos controller/11.1.0