10
CVE-2012-5076
- EPSS 92.5%
- Published 16.10.2012 21:55:02
- Last modified 11.04.2025 00:51:21
- Source secalert_us@oracle.com
- Teams watchlist Login
- Open Login
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Data is provided by the National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Java SE Sandbox Bypass Vulnerability
VulnerabilityThe default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.5% | 0.997 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.