4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%
An unspecified vulnerability was found in Oracle Java SE components. By exploiting this vulnerability malicious users can gain privileges and obtain sensitive information. This vulnerability can be exploited remotely by an unauthenticater attacker having network access via multiple protocols.
Technical details
Vulnerability described above is related to Libraries subcomponent of Java SE and Java SE Embedded components or Oracle Java SE.
This vulnerability is frequently applicable to Java deployments, where clients rely on the security of the Java sandbox and use sandboxed Java applets or sandboxed Java Web Start applications, which load and run untrusted code, for example, code coming from the internet.
Given vulnerability is frequently not applicable to Java deployments, where only trusted code is loaded and run on servers (for example, code provided by an administrator).
Oracle Critical Patch Update Advisory
CVE-2016-5548 warning
Update to the latest versions
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
statistics.securelist.com/
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.8.x-3/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%