10
CVE-2012-5076
- EPSS 92.38%
- Veröffentlicht 16.10.2012 21:55:02
- Zuletzt bearbeitet 22.10.2025 01:15:45
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
LoginUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Java SE Sandbox Bypass Vulnerability
SchwachstelleThe default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.38% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.