| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $5k-$25k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Oracle Java SE up to 8u391/8u391-perf/11.0.21/17.0.9/21.0.1. This affects an unknown part of the component Hotspot. The manipulation leads to an unknown weakness. This vulnerability is documented as CVE-2024-20918. The attack can be initiated remotely. There is not any exploit available.
Details
A vulnerability was found in Oracle Java SE up to 8u391/8u391-perf/11.0.21/17.0.9/21.0.1 (Programming Language Software) and classified as critical. This issue affects an unknown functionality of the component Hotspot. Impacted is confidentiality, and integrity.
The weakness was released 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. It is possible to read the advisory at oracle.com. The identification of this vulnerability is CVE-2024-20918. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/20/2025). It is expected to see the exploit prices for this product decreasing in the near future.
The vulnerability scanner Nessus provides a plugin with the ID 208585 (CentOS 7 : java-1.8.0-ibm (RHSA-2024:1482)), which helps to determine the existence of the flaw in a target environment.
A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (208585) and EUVD (EUVD-2024-18633). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
- 8u391
- 8u391-perf
- 11.0.0
- 11.0.1
- 11.0.2
- 11.0.3
- 11.0.4
- 11.0.5
- 11.0.6
- 11.0.7
- 11.0.8
- 11.0.9
- 11.0.10
- 11.0.11
- 11.0.12
- 11.0.13
- 11.0.14
- 11.0.15
- 11.0.16
- 11.0.17
- 11.0.18
- 11.0.19
- 11.0.20
- 11.0.21
- 17.0.0
- 17.0.1
- 17.0.2
- 17.0.3
- 17.0.4
- 17.0.5
- 17.0.6
- 17.0.7
- 17.0.8
- 17.0.9
- 21.0.0
- 21.0.1
License
Website
- Vendor: https://www.oracle.com
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.4VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.4
VulDB Temp Score: 7.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.4
CNA Vector (Oracle): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: UnknownCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 208585
Nessus Name: CentOS 7 : java-1.8.0-ibm (RHSA-2024:1482)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
12/07/2023 🔍01/16/2024 🔍
01/16/2024 🔍
01/17/2024 🔍
06/20/2025 🔍
Sources
Vendor: oracle.comAdvisory: Oracle Critical Patch Update Advisory - January 2024
Status: Confirmed
CVE: CVE-2024-20918 (🔍)
GCVE (CVE): GCVE-0-2024-20918
GCVE (VulDB): GCVE-100-251231
EUVD: 🔍
Entry
Created: 01/17/2024 09:10Updated: 06/20/2025 21:59
Changes: 01/17/2024 09:10 (39), 02/09/2024 15:48 (2), 02/09/2024 15:55 (11), 10/14/2024 22:31 (16), 06/20/2025 21:59 (1)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.