First published: Tue Aug 06 2024
Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS 1.0 and TLS 1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Java | <12.89 | |
The severity of CVE-2024-41995 has not been explicitly rated, but it poses risks related to the use of insecure defaults in TLS protocols.
To fix CVE-2024-41995, update your Java Platform to a version later than 12.89 and ensure secure TLS configurations.
CVE-2024-41995 affects the Oracle Java Platform version 12.89 and earlier.
Exploitation of CVE-2024-41995 may expose the product to known TLS 1.0 and TLS 1.1 vulnerabilities, potentially compromising secure communications.
A temporary workaround for CVE-2024-41995 includes configuring the application to disable TLS 1.0 and 1.1 support if upgrading is not immediately feasible.