| Vulnerability ID | VCID-2wm9-zz9n-8uhp |
| Aliases | CVE-2013-0431 |
| Summary | OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.8 |
| Risk | 1.6 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.91543 | https://api.first.org/data/v1/epss?cve=CVE-2013-0431 |
| Reference id | Reference type | URL |
|---|---|---|
|  |  | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0431.json |
|  |  | https://api.first.org/data/v1/epss?cve=CVE-2013-0431 |
| 906447 |  | https://bugzilla.redhat.com/show_bug.cgi?id=906447 |
| CVE-2013-0431;OSVDB-89613 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24539.rb |
| GLSA-201406-32 |  | https://security.gentoo.org/glsa/201406-32 |
| RHSA-2013:0237 |  | https://access.redhat.com/errata/RHSA-2013:0237 |
| RHSA-2013:0247 |  | https://access.redhat.com/errata/RHSA-2013:0247 |
| RHSA-2013:0626 |  | https://access.redhat.com/errata/RHSA-2013:0626 |
| Data source | Metasploit |
|---|---|
| Description | This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user. |
| Note | Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects |
| Ransomware campaign use | Unknown |
| Source publication date | Jan. 19, 2013 |
| Platform | Java,Linux,OSX,Windows |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb |
| Data source | KEV |
|---|---|
| Date added | May 25, 2022 |
| Description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. |
| Required action | Apply updates per vendor instructions. |
| Due date | June 15, 2022 |
| Note | https://nvd.nist.gov/vuln/detail/CVE-2013-0431 |
| Ransomware campaign use | Known |
| Data source | Exploit-DB |
|---|---|
| Date added | Feb. 25, 2013 |
| Description | Java Applet JMX - Remote Code Execution (Metasploit) (2) |
| Ransomware campaign use | Known |
| Source publication date | Feb. 25, 2013 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | Feb. 25, 2013 |
| Percentile | 0.99688 |
| EPSS Score | 0.91543 |
| Published At | June 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T18:23:02.675601+00:00 | RedHat Importer | Import | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0431.json | 38.6.0 |