Oracle JDK vulnerability updates

kamalhus123 · August 13, 2024, 4:12pm

We have an installed version of Elasticseach which is currently showing a vulnerability identified by Nessus scans identified back on July 2024. Specifically, these are the identified vulnerabilities: CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147

Since we are using the integrated version of Oracle Java, what is the normal process to remediate these. Our other option will be to uninstall Java and use an official verison which we prefer to avoid.

Thanks,

Kamal

Christian_Dahlqvist · August 13, 2024, 5:30pm

Which version of Elasticsearch are you using? Have you tried scanning the latest version to see if upgrading to this would solve the issue?

Topic		Replies	Views
Vulnerable Java version bundled with 8.14.3 & 8.15 Elasticsearch elastic-stack-security	8	223	September 11, 2024
Elastic Stack 8.4.0, 7.17.6 Security Statement Security Announcements docker	1	6119	November 4, 2022
Vulnerabilities Related to Java (in January 2023.) Elasticsearch	3	229	February 17, 2023
CVEs present in the latest version Elasticsearch	2	458	June 6, 2023
Vulnerability ESA-2019-04 Elasticsearch	5	434	January 18, 2023

Oracle JDK vulnerability updates

Related Topics