Oracle Java SE and GraalVM Networking Vulnerability Allowing Unauthenticated Data Access

Vulnerability

A vulnerability has been identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the Networking component. Affected versions include Oracle Java SE 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1, as well as Oracle GraalVM for JDK 17.0.15, 21.0.7, and 24.0.1. This vulnerability allows an unauthenticated attacker with network access to compromise these Java environments. While the issue originates in client-side Java deployments that execute untrusted code from the internet within a sandboxed environment, it can also impact additional products, leading to a scope change. Successful exploitation could result in unauthorized access to critical data or complete access to all data within the affected Java environment.

Impact

Exploitation of this vulnerability could lead to unauthorized access to critical data or complete access to all data within the affected Oracle Java SE, Oracle GraalVM for JDK, or Oracle GraalVM Enterprise Edition environment.

Added: Jul 15, 2025, 10:51 PM
Updated: Jul 15, 2025, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.