10
CVE-2011-3544
- EPSS 93.04%
- Published 19.10.2011 21:55:01
- Last modified 11.04.2025 00:51:21
- Source secalert_us@oracle.com
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version 10.04 SwEdition -
Canonical ≫ Ubuntu Linux Version 10.10
Canonical ≫ Ubuntu Linux Version 11.04
Canonical ≫ Ubuntu Linux Version 11.10
Redhat ≫ Satellite With Embedded Oracle Version 5.4
Suse ≫ Linux Enterprise Java Version 10 Update sp4
Suse ≫ Linux Enterprise Server Version 10 Update sp4 SwEdition -
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Description: An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.04% | 0.998 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.