Support Content Notification - Support Portal

Oracle Java SE Multiple Vulnerabilities (October 2024)

Product/Component

Brocade SANnav

0 more products

Notification Id

35913

Last Updated

08 July 2025

Initial Publication Date

08 July 2025

Status

CLOSED

Severity

LOW

CVSS Base Score

Varies

WorkAround

Affected CVE

CVE-2024-36138, CVE-2023-42950, CVE-2024-25062, CVE-2024-21235, CVE-2024-21210, CVE-2024-21211, CVE-2024-21208, CVE-2024-21217

Brocade Security Advisory ID	BSA-2025-3029
Component	Oracle Java

Summary

Oracle Java SE Multiple Vulnerabilities (October 2024)

CVE-2024-36138
CVSS 3.1 Base Score 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2023-42950
CVSS 3.1 Base Score 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-25062
CVSS 3.1 Base Score 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-21235
CVSS 3.1 Base Score 4.8
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-21210
CVSS 3.1 Base Score 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-21211
CVSS 3.1 Base Score 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-21208
CVSS 3.1 Base Score 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

CVE-2024-21217
CVSS 3.1 Base Score 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Brocade SANnav not affected: [VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

Products Not Affected

Brocade Fabric OS
[VEX Justification: Component_not_present]
Brocade SANnav
[VEX Justification: See above]
Brocade ASCG
[VEX Justification: Component_not_present]

Solution

While not exploitable, security updates for the Oracle critical patch update are provided in Brocade SANnav 2.4.0a

Revision History

Version	Change	Date
1.0	Initial Publication	July 8, 2025

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.