The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0682 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-21011:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401,     8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22;   Oracle GraalVM     Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the     specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also     applies to Java deployments, typically in clients running sandboxed Java Web Start applications or     sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and     rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

    CVE-2024-21094:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401,     8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM     Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM     Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the     specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also     applies to Java deployments, typically in clients running sandboxed Java Web Start applications or     sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and     rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

    CVE-2024-21085:
    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Concurrency).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf,     11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle     GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability     to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
    Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web     service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS     3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

    CVE-2024-21068:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401-perf,     11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and  22; Oracle GraalVM Enterprise     Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access     via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise     Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete     access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a     web service which supplies data to the APIs. This vulnerability also applies to Java deployments,     typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load     and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for     security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

    CVE-2024-21012:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.22,     17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:
    20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network     access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM     Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert     or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

    CVE-2024-20918:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise     Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or     complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g.,     through a web service which supplies data to the APIs. This vulnerability also applies to Java     deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets,     that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox     for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

    CVE-2024-20952:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise     Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or     complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

    CVE-2024-20926:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Scripting).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8     and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via     multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise     Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or     complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g.,     through a web service which supplies data to the APIs. This vulnerability also applies to Java     deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets,     that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox     for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

    CVE-2024-20919:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise     Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK,     Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by     supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or     Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts).  CVSS     Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

    CVE-2024-20921:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise     Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access     to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM     Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the     specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also     applies to Java deployments, typically in clients running sandboxed Java Web Start applications or     sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and     rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

    CVE-2024-20945:
    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391,     8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise     Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows low privileged attacker     with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise     Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
    Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete     access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
    Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web     service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS     3.1 Base Score 4.7 (Confidentiality impacts).  CVSS Vector:
    (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

    CVE-2022-21619:
    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf,     11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can     result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This     vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service     which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

TencentOS Server 4: java-11-konajdk (TSSA-2024:0682)

low Nessus Plugin ID 239256

Version 1.2

Version 1.1

Version 1.2 Nov 21, 2025, 2:12 PM CVE (set "CVE" coverage to "CVE-2022-21619,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20926,CVE-2024-20945,CVE-2024-20952,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094") CVSS metrics ("CVSSv2 score" set to 2.6) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N") CVSS metrics ("CVSSv3 score" set to 3.7) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2022-21619") CVSSv2 severity (based on CVE-2022-21619, severity decreased from "High" to "Low") CVSSv3 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202511211412
Version 1.1 Jun 17, 2025, 2:02 AM New Plugin Feed: 202506170202