10
CVE-2013-2465
- EPSS 98.7%
- Veröffentlicht 18.06.2013 22:55:02
- Zuletzt bearbeitet 22.04.2026 13:08:16
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Java Version10 Updatesp4
Suse ≫ Linux Enterprise Java Version11 Updatesp2
Suse ≫ Linux Enterprise Java Version11 Updatesp3
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3
28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Java SE Unspecified Vulnerability
SchwachstelleUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 98.7% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://marc.info/?l=bugtraq&m=137545592101387&w=2
http://advisories.mageia.org/MGASA-2013-0185.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://secunia.com/advisories/54154
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
https://access.redhat.com/errata/RHSA-2014:0414
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
http://www.securityfocus.com/bid/60657
https://bugzilla.redhat.com/show_bug.cgi?id=975118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2465