CVE-2024-20945 (Oracle Corporation Java SE JDK and JRE): Difficult to exploit vulnerability allows a low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK or Oracle GraalVM Enterprise Edition executes to compromise those products. Successful attacks can result in unauthorized access to critical data or complete access to all data accessible to the affected runtime.
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
AI Analysis
Technical Summary
CVE-2024-20945 is a vulnerability in the Security component of Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. The affected supported releases are Java SE 8u391 (including the 8u391-perf build), 11.0.21, 17.0.9 and 21.0.1; GraalVM for JDK 17.0.9 and 21.0.1; and GraalVM Enterprise Edition 20.3.12, 21.3.8 and 22.3.4. An attacker who already holds a low-privileged logon on the host where the runtime executes can use the flaw to read data that the Java process can access. Oracle's advisory names only the component and does not describe the root cause, so nothing more specific about the mechanism can be stated from the advisory alone. Oracle's standard note applies: the flaw is reachable through APIs in the Security component, for example via a web service that passes attacker-supplied data into them, and it also applies to Java 8 client deployments that run untrusted code in sandboxed Java Web Start applications or applets and rely on the Java sandbox for isolation (Web Start and the applet plug-in were removed from the JDK in Java 11, so that path does not exist on 11, 17 or 21). The CVSS 3.1 vector is AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, base score 4.7 (Medium): local access, high attack complexity, low privileges required, no user interaction, high confidentiality impact and no impact on integrity or availability. No exploitation in the wild has been reported. The fix shipped in Oracle's Critical Patch Update of January 2024, so the remaining exposure is concentrated in environments that still run the listed builds, where Java processes hold sensitive data and untrusted local users or compromised low-privileged accounts can reach the host.
Potential Impact
For European organizations, the impact of CVE-2024-20945 is a confidentiality breach on systems still running the affected Oracle Java SE and GraalVM builds. Java-based applications, middleware and services that accept externally supplied data, and Java 8 clients that still run sandboxed applets or Web Start applications, are exposed to unauthorized data disclosure if an attacker obtains a low-privileged logon on the host. That can mean exposure of business data, intellectual property or personal data protected under GDPR, with the regulatory and reputational consequences that follow. Integrity and availability are not affected, so operational disruption is unlikely. The local-access precondition limits the realistic attacker set to insiders, holders of compromised accounts, and intruders who have already established a foothold; shared hosts such as multi-tenant application servers, CI build agents and jump hosts are where that precondition is most often met. European enterprises with large Java estates in finance, manufacturing, telecommunications and government carry the most exposure because of both the breadth of their deployments and the sensitivity of the data those processes handle. The absence of known exploits lowers immediate risk but does not remove it, particularly in targeted attacks or insider-threat scenarios.
Mitigation Recommendations
1. Apply Oracle's fix. It shipped in the January 2024 Critical Patch Update, so "once available" no longer applies: move every affected Java SE and GraalVM installation to the CPU release that supersedes the listed build (for Java SE that is 8u401, 11.0.22, 17.0.10 or 21.0.2, or anything later; for GraalVM, the corresponding CPU release), and verify with the runtime's own `java -version` output rather than trusting package metadata, since bundled JREs inside application installers are easy to miss.
2. Treat the local-access precondition as the control point: restrict interactive logon on hosts that run Java workloads to the people who administer them, keep human and service accounts separate, and segment networks so that a foothold elsewhere does not translate into a shell on the Java host.
3. Inventory which Java services accept externally supplied data (web services, message consumers, file importers) and log access to them, so that anomalous or unauthorized usage by a local account stands out.
4. Do not run untrusted or internet-sourced code inside the Java sandbox. On Java 8 clients where Web Start and applets still exist, disable them or restrict execution to signed, allow-listed code; Java 11 and later no longer ship either technology.
5. Apply least privilege to the accounts on those hosts: run Java services under dedicated service accounts with no interactive logon and file permissions limited to what the process needs, so that a compromised low-privileged account neither reaches the runtime nor the data it holds.
6. Use EDR or RASP telemetry to flag unusual behaviour by Java processes (unexpected child processes, reads of key or credential material by accounts other than the service account). There is no public exploit, so there is nothing specific to signature-match; behavioural baselining is what these tools can offer here.
7. Review Java runtime versions on a fixed cadence, move to supported and patched releases, and retire builds that no longer receive Critical Patch Updates.
8. Include insider threats and credential hygiene in security awareness training, since misuse of a low-privileged account is the entry condition for this vulnerability.
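The inventory in items 1 and 7 is where most organisations slip, because `java -version` prints three different version formats across the affected lines: legacy `1.8.0_391` on Java 8, Oracle's `8u391` advisory shorthand, and `17.0.9`-style strings on 11, 17 and 21. The script below is an added example written for this page, not code from Oracle or from the page's source. It normalises those formats and flags any runtime at or below the last affected build listed in the advisory. It assumes that anything newer than that build on the same feature line carries the fix (true for the January 2024 Critical Patch Update releases) and it does not cover GraalVM Enterprise Edition's separate 20.3/21.3/22.3 numbering. The sample `java -version` outputs are constructed, not captured from real hosts.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]  # (feature, interim, update), e.g. (17, 0, 9)

# Highest affected release per feature line, taken from the advisory on this page.
# Assumption (this script's, not Oracle's): any build at or below the ceiling is
# unpatched, and the CPU release that supersedes it carries the fix.
AFFECTED_MAX = {
    8: (8, 0, 391),    # Java SE 8u391 / 8u391-perf
    11: (11, 0, 21),   # Java SE 11.0.21
    17: (17, 0, 9),    # Java SE 17.0.9, GraalVM for JDK 17.0.9
    21: (21, 0, 1),    # Java SE 21.0.1, GraalVM for JDK 21.0.1
}


def parse_java_version(text: str) -> Optional[Version]:
    """Normalise a version string from `java -version` output or a bare version.

    Handles legacy 1.x.y_NNN (Java 8), Oracle's 8uNNN advisory shorthand and
    JEP 223 feature.interim.update[+build][-tag] strings. Returns None if the
    text contains nothing parseable.
    """
    m = re.search(r'version "([^"]+)"', text)
    raw = m.group(1) if m else text.strip()
    raw = raw.split("+", 1)[0].split("-", 1)[0]  # drop build number and tags like -perf / -ea

    m = re.fullmatch(r"1\.(\d+)\.(\d+)_(\d+)", raw)  # 1.8.0_391 -> (8, 0, 391)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    m = re.fullmatch(r"(\d+)u(\d+)", raw)  # 8u391 -> (8, 0, 391)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", raw)  # 17.0.9, 11.0.21, 21
    if m:
        feature, interim, update = int(m.group(1)), int(m.group(2) or 0), int(m.group(3) or 0)
        if feature == 1:  # legacy 1.8.0 without an update suffix -> (8, 0, 0)
            return (interim, update, 0)
        return (feature, interim, update)
    return None


def is_affected(version: Version) -> Optional[bool]:
    """True if at or below the last affected build on its feature line, False if
    newer, None if the advisory does not list that feature line at all."""
    ceiling = AFFECTED_MAX.get(version[0])
    if ceiling is None:
        return None
    return version <= ceiling


def check_runtime(java_version_output: str) -> str:
    """Classify one `java -version` output (or bare version string)."""
    v = parse_java_version(java_version_output)
    if v is None:
        return "unknown: could not parse a Java version"
    label = "%d.%d.%d" % v
    verdict = is_affected(v)
    if verdict is None:
        return label + ": feature line not covered by CVE-2024-20945"
    if verdict:
        return label + ": AFFECTED, update to the CPU release that supersedes it"
    return label + ": patched (newer than the last affected build)"


def check_installed_java(java_bin: str = "java") -> str:
    """Run the local `java -version` (it writes to stderr) and classify it."""
    try:
        proc = subprocess.run([java_bin, "-version"], capture_output=True, text=True)
    except OSError as exc:  # binary missing or not executable
        return "unknown: cannot run %s (%s)" % (java_bin, exc)
    return check_runtime(proc.stderr or proc.stdout)


# Constructed sample outputs (not captured from real hosts) covering the formats seen in practice.
SAMPLES = {
    "jdk8": 'java version "1.8.0_391"\nJava(TM) SE Runtime Environment (build 1.8.0_391-b13)',
    "jdk17": 'openjdk version "17.0.9" 2023-10-17\nOpenJDK Runtime Environment (build 17.0.9+9)',
    "graalvm17": 'java version "17.0.9" 2023-10-17\nJava(TM) SE Runtime Environment Oracle GraalVM 17.0.9+11.1 (build 17.0.9+11-LTS-jvmci-23.0-b21)',
    "jdk21-fixed": 'java version "21.0.2" 2024-01-16 LTS\nJava(TM) SE Runtime Environment (build 21.0.2+13-LTS-58)',
}

if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print("%-12s %s" % (name, check_runtime(output)))
    print("%-12s %s" % ("local", check_installed_java()))
```

Run it on each host with every `java` binary you can find (`find / -name java -type f` on Linux, including JREs bundled under application directories), not just the one on `PATH`; the comparison is a plain tuple comparison, so it stays correct for later CPU releases without editing the table.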
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: oracle
- Date Reserved: 2023-12-07T22:28:10.626Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69092618fe7723195e0b37d2
Added to database: 11/3/2025, 10:00:56 PM
Last enriched: 11/11/2025, 1:19:02 AM
Last updated: 12/26/2025, 7:20:37 PM