10
CVE-2011-3544
- EPSS 93.04%
- Veröffentlicht 19.10.2011 21:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert_us@oracle.com
- Teams Watchlist Login
- Unerledigt Login
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Redhat ≫ Satellite With Embedded Oracle Version5.4
Suse ≫ Linux Enterprise Java Version10 Updatesp4
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
SchwachstelleAn access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.04% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.