SentinelOne
CVE Vulnerability Database

CVE-2024-21147: NetApp Active IQ Unified Manager RCE

CVE-2024-21147 is a remote code execution vulnerability in NetApp Active IQ Unified Manager through the Oracle Java SE Hotspot component. The flaw allows unauthorized data access and modification. Learn about technical details, affected versions, and mitigation strategies.


CVE-2024-21147 Overview

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. This vulnerability allows unauthenticated attackers with network access to compromise Oracle Java SE and GraalVM products, potentially leading to unauthorized data creation, deletion, modification, or access.

Critical Impact

Unauthorized access and manipulation of critical data

Affected Products

  • Oracle Java SE
  • Oracle GraalVM for JDK
  • Oracle GraalVM Enterprise Edition

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to Netapp
  • Not Available - CVE CVE-2024-21147 assigned
  • Not Available - Netapp releases security patch
  • 2024-07-16T23:15:16.377 - CVE CVE-2024-21147 published to NVD
  • 2025-06-17T19:57:24.670 - Last updated in NVD database

Technical Details for CVE-2024-21147

Vulnerability Analysis

The vulnerability is difficult to exploit and allows an unauthenticated attacker access to Oracle Java SE and GraalVM products through APIs, potentially leading to unauthorized data manipulation.

Root Cause

The root cause of this vulnerability is the improper handling of requests through specific APIs in the Hotspot component, which allows malicious data manipulation.

Attack Vector

Network

java
// Illustrative placeholder only: this class prints a message and contains no
// exploit logic. The page publishes no exploit details for this CVE.
public class Exploit {
    public static void main(String[] args) {
        // A real attack would have to reach the affected Hotspot APIs over the
        // network; nothing of the kind is implemented here.
        System.out.println("Attempting to exploit vulnerability...");
    }
}

Detection Methods for CVE-2024-21147

Indicators of Compromise

  • Unusual API access patterns
  • Unexpected data creation or modification activity
  • Irregular network traffic patterns

Detection Strategies

Implement network monitoring with anomaly detection on API requests. Analyze logs for unusual access patterns or data manipulation activity that could signal attempted exploitation.

Monitoring Recommendations

Deploy network traffic monitoring tools and enable logging on all relevant API endpoints. Ensure regular review of security logs to detect unauthorized access attempts.

How to Mitigate CVE-2024-21147

Immediate Actions Required

  • Update Java SE and GraalVM to the latest patched versions
  • Review and restrict API access only to trusted sources
  • Implement stricter input validation on API endpoints

Patch Information

Apply the patches provided by Oracle in the July 2024 security updates to address this vulnerability. Ensure all affected products are updated to a secure version.
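To verify the patch step above across a fleet, the following inventory check is an added example written for this page; it is not SentinelOne's or Oracle's tooling. It parses `java -version` output and compares the installed release with the affected Oracle Java SE / GraalVM for JDK versions listed in the overview (8u411, 11.0.23, 17.0.11, 21.0.3, 22.0.1), treating anything at or below the listed version on the same feature line as affected. The sample outputs are constructed, GraalVM Enterprise Edition (20.3.x, 21.3.x) uses a different numbering scheme and is not covered, and a "newer-than-affected" result only means the release is above the listed affected version, not that the host has been independently confirmed as patched.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected Oracle Java SE / GraalVM for JDK versions as listed on this page
# (July 2024 advisory). Any release on the same feature line that is at or
# below the listed version is treated as affected. GraalVM Enterprise Edition
# (20.3.14, 21.3.10) is numbered differently and is deliberately not covered.
AFFECTED_CEILING = {
    8: (8, 0, 411),    # 8u411 / 8u411-perf
    11: (11, 0, 23),
    17: (17, 0, 11),
    21: (21, 0, 3),
    22: (22, 0, 1),
}

_VERSION_RE = re.compile(r'version "([^"]+)"')


def normalize(version: str) -> Tuple[int, int, int]:
    """Map a JDK version string to a comparable (feature, interim, update) tuple.

    Handles both the legacy "1.8.0_411" scheme and the "17.0.11" scheme, and
    strips build/suffix information such as "+9" or "-perf".
    """
    core = re.split(r"[+\-\s]", version.strip(), maxsplit=1)[0]
    if core.startswith("1."):
        base, _, update = core.partition("_")
        feature = int(base.split(".")[1])
        return (feature, 0, int(update) if update.isdigit() else 0)
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    parts = (parts + [0, 0, 0])[:3]
    return (parts[0], parts[1], parts[2])


def parse_java_version_output(output: str) -> Optional[str]:
    """Extract the quoted version string from `java -version` output."""
    match = _VERSION_RE.search(output)
    return match.group(1) if match else None


def assess(version: str) -> dict:
    """Classify one version string against the affected list on this page."""
    parsed = normalize(version)
    ceiling = AFFECTED_CEILING.get(parsed[0])
    if ceiling is None:
        status = "not-listed"          # feature line not on the advisory's list
    elif parsed <= ceiling:
        status = "affected"
    else:
        status = "newer-than-affected"
    return {"version": version, "parsed": parsed, "status": status}


def assess_local_jvm(java_cmd: str = "java") -> Optional[dict]:
    """Run `java -version` on this host and classify it; None if no JVM is found."""
    try:
        proc = subprocess.run([java_cmd, "-version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None
    # java prints its version banner to stderr; check both streams to be safe.
    version = parse_java_version_output(proc.stderr + proc.stdout)
    return assess(version) if version else None


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    SAMPLES = [
        'openjdk version "17.0.11" 2024-04-16\nOpenJDK Runtime Environment (build 17.0.11+9)',
        'java version "1.8.0_411"\nJava(TM) SE Runtime Environment (build 1.8.0_411-b09)',
        'openjdk version "21.0.4" 2024-07-16',
        'openjdk version "23" 2024-09-17',
    ]
    for sample in SAMPLES:
        print(assess(parse_java_version_output(sample)))
    local = assess_local_jvm()
    print("local JVM:", local if local else "no java on PATH")
```

Feed `assess_local_jvm()` the path of each JVM you want checked (application servers often bundle their own runtime, so checking only the `java` on PATH can miss the one actually serving traffic).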

Workarounds

For environments where patching is not immediately possible, implement network-based restrictions to limit exposure to unauthorized API access.

bash
# Configuration example: admit the API ports only from a trusted management
# range, then drop everything else. Order matters with -A (rules are appended),
# so the ACCEPT rules must come before the DROP rules. 192.0.2.0/24 is a
# placeholder; substitute your own trusted source range.
iptables -A INPUT -p tcp --dport 80 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
