CVE-2014-2428

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

References

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://security.gentoo.org/glsa/glsa-201502-12.xml

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.securityfocus.com/bid/66870

http://www-01.ibm.com/support/docview.wss?uid=swg21672080

https://access.redhat.com/errata/RHSA-2014:0413

https://access.redhat.com/errata/RHSA-2014:0414

Details

Source: MITRE

Published: 2014-04-16

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_71:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_71:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:ibm:infosphere_streams:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:infosphere_streams:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:infosphere_streams:3.2.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
81370GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
79039RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982)NessusRed Hat Local Security Checks
critical
79011RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)NessusRed Hat Local Security Checks
medium
79010RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)NessusRed Hat Local Security Checks
critical
77812IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple VulnerabilitiesNessusWindows
critical
77811IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)NessusWindows
critical
77810IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)NessusMisc.
critical
77728VMware Security Updates for vCenter Server (VMSA-2014-0008)NessusMisc.
critical
77727VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)NessusWindows
critical
76900RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705)NessusRed Hat Local Security Checks
critical
76870AIX Java Advisory : java_apr2014_advisory.ascNessusAIX Local Security Checks
critical
74284SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)NessusSuSE Local Security Checks
critical
74254SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263)NessusSuSE Local Security Checks
critical
74031RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508)NessusRed Hat Local Security Checks
critical
74005RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486)NessusRed Hat Local Security Checks
critical
73608RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)NessusRed Hat Local Security Checks
critical
73571Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix)NessusMisc.
critical
73570Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)NessusWindows
critical