Oracle Critical Patch Update Advisory - January 2024 (CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918)
25160
11 November 2024
02 November 2024
CLOSED
LOW
CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918
|
Brocade Security Advisory ID |
BSA-2024-2487 |
|
Component |
Oracle Java |
|
|
|
Summary
Brocade SANnav has provided a Security update for the JAVA vulnerabilities below.
- CVE-2024-20952
- CVE-2024-20945
- CVE-2024-20926
- CVE-2024-20921
- CVE-2024-20919
- CVE-2024-20918
Products Affected
Brocade SANnav contains the vulnerable code, however these CVEs are non-exploitable within the product [VEX Justification: vulnerable_code_not_in_execute_path]
Products Under Investigation
- Brocade Fabric OS [Component_not_present]
- Brocade ASCG [Component_not_present]
Solution
While Brocade SANnav is Not Affected, a security update is provided in Brocade SANnav 2.3.1a and 2.3.0a
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
November 2, 2024 |
|
1,1 |
PSIRT assessed risk changed to Low. SANnav contains the vulnerable code, but is not exploitable. |
November 11, 2024 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.