Java SE Vulnerability in Oracle's Java Component
CVE-2016-5549

6.5 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

A security vulnerability exists in the Java SE and Java SE Embedded components of Oracle Java SE, specifically within the Libraries subcomponent. An unauthenticated attacker with network access through various protocols can exploit this flaw to compromise the system. Successful exploitation requires human interaction from a third party and can lead to unauthorized access to sensitive data or full control over all accessible data within the Java environment. The risk is particularly pertinent in scenarios where Java applications run untrusted code from the internet; it does not affect environments where only trusted code is executed.

Affected Version(s)

Java SE 7u121

Java SE 8u112

Java SE Embedded 8u111

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
