Library Vulnerability in Oracle Java SE and Java SE Embedded
CVE-2016-5548

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Java Se
Java Se Embedded
Vendor
CVE Published:
27 January 2017

Summary

A library vulnerability exists in Oracle Java SE and Java SE Embedded that could be exploited through untrusted code, allowing an unauthenticated attacker with network access to compromise the affected systems. This vulnerability is particularly relevant for Java deployments in environments where sandboxed Java Web Start applications or applets load and execute untrusted code from the internet. Successful exploitation may lead to unauthorized access to sensitive data or complete control over the data accessible by the vulnerable Java installations.

Affected Version(s)

Java SE 6u131

Java SE 7u121

Java SE 8u112

References

http://rhn.redhat.com/errata/RHSA-2017-0338.html
vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.