Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q1wc-exf5-5bbe
Vulnerability ID VCID-q1wc-exf5-5bbe
Aliases CVE-2011-3544
Summary OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
cvssv3.1 9.8 http://marc.info/?l=bugtraq&m=132750579901589&w=2
ssvc Act http://marc.info/?l=bugtraq&m=132750579901589&w=2
cvssv3.1 9.8 http://marc.info/?l=bugtraq&m=134254866602253&w=2
ssvc Act http://marc.info/?l=bugtraq&m=134254866602253&w=2
cvssv3.1 9.8 http://marc.info/?l=bugtraq&m=134254957702612&w=2
ssvc Act http://marc.info/?l=bugtraq&m=134254957702612&w=2
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2013-1455.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2013-1455.html
epss 0.92545 https://api.first.org/data/v1/epss?cve=CVE-2011-3544
cvssv3.1 9.8 http://secunia.com/advisories/48308
ssvc Act http://secunia.com/advisories/48308
cvssv3.1 9.8 http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Act http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1 9.8 https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
ssvc Act https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
cvssv3.1 9.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
ssvc Act https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
cvssv3.1 9.8 http://www.ibm.com/developerworks/java/jdk/alerts/
ssvc Act http://www.ibm.com/developerworks/java/jdk/alerts/
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
ssvc Act http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
cvssv3.1 9.8 http://www.redhat.com/support/errata/RHSA-2011-1384.html
ssvc Act http://www.redhat.com/support/errata/RHSA-2011-1384.html
cvssv3.1 9.8 http://www.securityfocus.com/bid/50218
ssvc Act http://www.securityfocus.com/bid/50218
cvssv3.1 9.8 http://www.securitytracker.com/id?1026215
ssvc Act http://www.securitytracker.com/id?1026215
cvssv3.1 9.8 http://www.ubuntu.com/usn/USN-1263-1
ssvc Act http://www.ubuntu.com/usn/USN-1263-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3544.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3544
48308 http://secunia.com/advisories/48308
50218 http://www.securityfocus.com/bid/50218
70849 https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
745399 https://bugzilla.redhat.com/show_bug.cgi?id=745399
alerts http://www.ibm.com/developerworks/java/jdk/alerts/
CVE-2011-3544;OSVDB-76500 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18171.rb
CVE-2011-3544;OSVDB-76500 Exploit http://www.zerodayinitiative.com/advisories/ZDI-11-305/
GLSA-201111-02 https://security.gentoo.org/glsa/201111-02
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
id?1026215 http://www.securitytracker.com/id?1026215
javacpuoct2011-443431.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=132750579901589&w=2
msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
oval%3Aorg.mitre.oval%3Adef%3A13947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
RHSA-2011:1380 https://access.redhat.com/errata/RHSA-2011:1380
RHSA-2011:1384 https://access.redhat.com/errata/RHSA-2011:1384
RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2011-1384.html
RHSA-2012:0034 https://access.redhat.com/errata/RHSA-2012:0034
RHSA-2012:1467 https://access.redhat.com/errata/RHSA-2012:1467
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1455.html
USN-1263-1 https://usn.ubuntu.com/1263-1/
USN-1263-1 http://www.ubuntu.com/usn/USN-1263-1
Data source Exploit-DB
Date added Nov. 30, 2011
Description Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Nov. 30, 2011
Exploit type remote
Platform multiple
Source update date Nov. 30, 2011
Source URL http://www.zerodayinitiative.com/advisories/ZDI-11-305/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://marc.info/?l=bugtraq&m=132750579901589&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://marc.info/?l=bugtraq&m=132750579901589&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://marc.info/?l=bugtraq&m=134254866602253&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://marc.info/?l=bugtraq&m=134254866602253&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://marc.info/?l=bugtraq&m=134254957702612&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://marc.info/?l=bugtraq&m=134254957702612&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2013-1455.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-1455.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/48308
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://secunia.com/advisories/48308
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ibm.com/developerworks/java/jdk/alerts/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.ibm.com/developerworks/java/jdk/alerts/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.redhat.com/support/errata/RHSA-2011-1384.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.redhat.com/support/errata/RHSA-2011-1384.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/50218
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.securityfocus.com/bid/50218
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id?1026215
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.securitytracker.com/id?1026215
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1263-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:24:24Z/ Found at http://www.ubuntu.com/usn/USN-1263-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.9975
EPSS Score 0.92545
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:13:36.599349+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3544.json 38.6.0