First published: Mon Jul 15 2024(Updated: )
An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.27~4ea-1 | |
debian/openjdk-8 | 8u442-ga-2 | |
Oracle Java SE 7 | =1.8.0-update411 | |
Oracle Java SE 7 | =1.8.0-update411 | |
Oracle Java SE 7 | =11.0.23 | |
Oracle JRE | =1.8.0-update411 | |
Oracle JRE | =1.8.0-update411 | |
Oracle JRE | =11.0.23 | |
Oracle GraalVM Enterprise Edition | =20.3.14 | |
Oracle GraalVM Enterprise Edition | =21.3.10 | |
NetApp OnCommand Workflow Automation | ||
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-21144 is classified as having a low availability impact due to an unspecified vulnerability in Java SE's Concurrency component.
To mitigate CVE-2024-21144, it is recommended to apply the latest security patches provided by your software vendor.
CVE-2024-21144 affects multiple versions of IBM Sterling Secure Proxy and various OpenJDK packages, particularly those before specified patched versions.
There are currently no public exploits known for CVE-2024-21144, but it is advisable to mitigate the risk as a precaution.
CVE-2024-21144 impacts Java SE and software relying on it, including IBM Sterling Secure Proxy and OpenJDK versions.