Vulnerability in Java SE and Java SE Embedded from Oracle
CVE-2017-3272

9.6CRITICAL

Key Information:

Vendor
Oracle
Status
Java Se
Java Se Embedded
Vendor
CVE Published:
27 January 2017

Summary

The vulnerability in Oracle's Java SE and Java SE Embedded components poses a significant risk by allowing unauthenticated attackers with network access to exploit the affected products. This exploitation can occur through various protocols, necessitating user interaction from individuals other than the attacker. This security issue primarily affects Java instances running untrusted code via sandboxed Java Web Start applications or applets. It does not impact server deployments relying solely on trusted code. Given the wide usage of Java applications in various environments, successful exploitation of this vulnerability can lead to unauthorized access and control over critical systems.

Affected Version(s)

Java SE 6u131

Java SE 7u121

Java SE 8u112

References

http://rhn.redhat.com/errata/RHSA-2017-0338.html
vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.