Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7rua-9gwq-pkcu
Vulnerability ID VCID-7rua-9gwq-pkcu
Aliases CVE-2013-2423
Summary Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 2.0
Weighted Severity 3.9
Risk 7.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-284 Improper Access Control
System Score Found at
cvssv3.1 3.7 http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
ssvc Track http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
cvssv3.1 3.7 http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
ssvc Track http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
cvssv3.1 3.7 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
ssvc Track http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
cvssv3.1 3.7 http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
ssvc Track http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
cvssv3.1 3.7 http://rhn.redhat.com/errata/RHSA-2013-0752.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0752.html
cvssv3.1 3.7 http://rhn.redhat.com/errata/RHSA-2013-0757.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0757.html
epss 0.93397 https://api.first.org/data/v1/epss?cve=CVE-2013-2423
epss 0.93397 https://api.first.org/data/v1/epss?cve=CVE-2013-2423
epss 0.93397 https://api.first.org/data/v1/epss?cve=CVE-2013-2423
epss 0.93397 https://api.first.org/data/v1/epss?cve=CVE-2013-2423
cvssv3.1 3.7 https://bugzilla.redhat.com/show_bug.cgi?id=952398
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=952398
cvssv3.1 3.7 http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Track http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-2423
cvssv3.1 3.7 https://nvd.nist.gov/vuln/detail/CVE-2013-2423
cvssv3.1 3.7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
ssvc Track https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
cvssv3.1 3.7 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
ssvc Track https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
cvssv3.1 3.7 http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
ssvc Track http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
cvssv3.1 3.7 http://www.exploit-db.com/exploits/24976
ssvc Track http://www.exploit-db.com/exploits/24976
cvssv3.1 3.7 http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
ssvc Track http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
cvssv3.1 3.7 http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
ssvc Track http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
cvssv3.1 3.7 http://www.ubuntu.com/usn/USN-1806-1
ssvc Track http://www.ubuntu.com/usn/USN-1806-1
cvssv3.1 3.7 http://www.us-cert.gov/ncas/alerts/TA13-107A
ssvc Track http://www.us-cert.gov/ncas/alerts/TA13-107A
Reference id Reference type URL
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
http://rhn.redhat.com/errata/RHSA-2013-0752.html
http://rhn.redhat.com/errata/RHSA-2013-0757.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2423.json
https://api.first.org/data/v1/epss?cve=CVE-2013-2423
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2423
http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
http://www.exploit-db.com/exploits/24976
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.ubuntu.com/usn/USN-1806-1
http://www.us-cert.gov/ncas/alerts/TA13-107A
952398 https://bugzilla.redhat.com/show_bug.cgi?id=952398
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
CVE-2013-2423 https://nvd.nist.gov/vuln/detail/CVE-2013-2423
CVE-2013-2423;OSVDB-92348 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24976.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2013:0751 https://access.redhat.com/errata/RHSA-2013:0751
RHSA-2013:0752 https://access.redhat.com/errata/RHSA-2013:0752
RHSA-2013:0757 https://access.redhat.com/errata/RHSA-2013:0757
RHSA-2013:0822 https://access.redhat.com/errata/RHSA-2013:0822
USN-1806-1 https://usn.ubuntu.com/1806-1/
Data source Exploit-DB
Date added April 23, 2013
Description Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date April 23, 2013
Exploit type remote
Platform multiple
Source update date April 23, 2013
Data source Metasploit
Description This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Jan. 10, 2013
Platform Java,Linux,OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_reflection_types.rb
Data source KEV
Date added May 25, 2022
Description Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
Required action Apply updates per vendor instructions.
Due date June 15, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2013-2423
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0752.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0752.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0757.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0757.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=952398
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=952398
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-2423
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-2423
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.exploit-db.com/exploits/24976
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.exploit-db.com/exploits/24976
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.ubuntu.com/usn/USN-1806-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.ubuntu.com/usn/USN-1806-1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.us-cert.gov/ncas/alerts/TA13-107A
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.us-cert.gov/ncas/alerts/TA13-107A
Exploit Prediction Scoring System (EPSS)
Percentile 0.99813
EPSS Score 0.93397
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:11.273945+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201406-32 38.0.0