
CVE-2016-3427

Warning

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Data is provided by the National Vulnerability Database (NVD)
Oracle Jdk, Version 1.6.0, Update update113
Oracle Jdk, Version 1.7.0, Update update99
Oracle Jdk, Version 1.8.0, Update update77
Oracle Jre, Version 1.6.0, Update update113
Oracle Jre, Version 1.7.0, Update update99
Oracle Jre, Version 1.8.0, Update update77
Oracle Jrockit, Version r28.3.9
Oracle Linux, Version 5, Update -
Oracle Linux, Version 6, Update -
Oracle Linux, Version 7, Update -
Canonical Ubuntu Linux, Version 12.04, SwEdition -
Canonical Ubuntu Linux, Version 14.04, SwEdition esm
Canonical Ubuntu Linux, Version 15.10
Canonical Ubuntu Linux, Version 16.04, SwEdition esm
Debian Debian Linux, Version 8.0
Netapp E-series Santricity Management Plug-ins, Version -, SwPlatform vmware_vcenter
Netapp E-series Santricity Web Services, Version -, SwPlatform web_services_proxy
Netapp Oncommand Balance, Version -
Netapp Oncommand Insight, Version -
Netapp Oncommand Report, Version -
Netapp Oncommand Shift, Version -
Netapp Oncommand Unified Manager, Version -, SwPlatform 7-mode
Netapp Oncommand Unified Manager, Version -, SwPlatform clustered_data_ontap
Netapp Storagegrid, Version <= 9.0.4
Netapp Virtual Storage Console, SwPlatform vmware_vsphere, Version >= 7.2
Apache Cassandra, Version >= 2.1.0 < 2.1.22
Apache Cassandra, Version >= 2.2.0 < 2.2.18
Apache Cassandra, Version >= 3.0.0 < 3.0.22
Apache Cassandra, Version >= 3.11.0 < 3.11.8
Apache Cassandra, Version 4.0.0, Update beta1
Redhat Satellite, Version 5.6
Redhat Satellite, Version 5.7
Redhat Enterprise Linux Eus, Version 6.7
Redhat Enterprise Linux Eus, Version 7.2
Redhat Enterprise Linux Eus, Version 7.3
Redhat Enterprise Linux Eus, Version 7.4
Redhat Enterprise Linux Eus, Version 7.5
Redhat Enterprise Linux Eus, Version 7.6
Redhat Enterprise Linux Eus, Version 7.7
Suse Manager, Version 2.1
Suse Manager Proxy, Version 2.1
Suse Openstack Cloud, Version 5
Opensuse Leap, Version 42.1
Opensuse Opensuse, Version 13.1
Opensuse Opensuse, Version 13.2
Suse Linux Enterprise Desktop, Version 12, Update -
Suse Linux Enterprise Desktop, Version 12, Update sp1
Suse Linux Enterprise Server, Version 10, Update sp4, SwEdition ltss
Suse Linux Enterprise Server, Version 11, Update sp2, SwEdition ltss
Suse Linux Enterprise Server, Version 11, Update sp3, SwEdition ltss
Suse Linux Enterprise Server, Version 11, Update sp4
Suse Linux Enterprise Server, Version 12, Update -
Suse Linux Enterprise Server, Version 12, Update sp1

12.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Oracle Java SE and JRockit Unspecified Vulnerability

Description: Oracle Java SE and JRockit contain an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

Required actions: Apply updates per vendor instructions.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 93.75% | 0.998

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2016/dsa-3558 (Third Party Advisory, Mailing List)
http://www.securitytracker.com/id/1035596 (Third Party Advisory, Broken Link, VDB Entry)
http://www.securityfocus.com/bid/86421 (Third Party Advisory, Broken Link, VDB Entry)
http://www.securitytracker.com/id/1037331 (Third Party Advisory, Broken Link, VDB Entry)