Search for vulnerabilities
Vulnerability details: VCID-vavs-nd6d-aaaj
Vulnerability ID VCID-vavs-nd6d-aaaj
Aliases CVE-2012-5076
Summary CVE-2012-5076 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7163198)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1386.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1386.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1386.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1386.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1391.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1391.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1391.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1391.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1467.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1467.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1467.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1467.html
rhas Important https://access.redhat.com/errata/RHSA-2012:1386
rhas Critical https://access.redhat.com/errata/RHSA-2012:1391
rhas Critical https://access.redhat.com/errata/RHSA-2012:1467
epss 0.92498 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.92498 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.92498 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9282 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96259 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96259 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96259 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.96890 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=865352
cvssv3.1 9.8 http://secunia.com/advisories/51029
cvssv3.1 9.8 http://secunia.com/advisories/51029
ssvc Act http://secunia.com/advisories/51029
ssvc Act http://secunia.com/advisories/51029
cvssv3.1 9.8 http://secunia.com/advisories/51326
cvssv3.1 9.8 http://secunia.com/advisories/51326
ssvc Act http://secunia.com/advisories/51326
ssvc Act http://secunia.com/advisories/51326
cvssv3.1 9.8 http://secunia.com/advisories/51390
cvssv3.1 9.8 http://secunia.com/advisories/51390
ssvc Act http://secunia.com/advisories/51390
ssvc Act http://secunia.com/advisories/51390
generic_textual HIGH http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Act http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Act http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2012-5076
cvssv3.1 9.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
cvssv3.1 9.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
ssvc Act https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
ssvc Act https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
ssvc Act http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
ssvc Act http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://rhn.redhat.com/errata/RHSA-2012-1391.html
http://rhn.redhat.com/errata/RHSA-2012-1467.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5076.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5076
http://secunia.com/advisories/51029
http://secunia.com/advisories/51326
http://secunia.com/advisories/51390
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
865352 https://bugzilla.redhat.com/show_bug.cgi?id=865352
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
CVE-2012-5076 https://nvd.nist.gov/vuln/detail/CVE-2012-5076
CVE-2012-5076;OSVDB-86363;OSVDB-86350 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/24309.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2012:1386 https://access.redhat.com/errata/RHSA-2012:1386
RHSA-2012:1391 https://access.redhat.com/errata/RHSA-2012:1391
RHSA-2012:1467 https://access.redhat.com/errata/RHSA-2012:1467
USN-1619-1 https://usn.ubuntu.com/1619-1/
Data source Exploit-DB
Date added Nov. 13, 2012
Description Java Applet - JAX-WS Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Nov. 13, 2012
Exploit type remote
Platform multiple
Source update date Nov. 13, 2012
Data source Metasploit
Description This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 16, 2012
Platform Java,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jaxws.rb
Data source KEV
Date added March 28, 2022
Description The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Required action Apply updates per vendor instructions.
Due date April 18, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Ransomware campaign use Unknown
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51029
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51029
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51029
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51029
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51326
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51326
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51326
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51326
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51390
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51390
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51390
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51390
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.99721
EPSS Score 0.92498
Published At June 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.