CVE-2014-4268

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

References

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/59404

http://secunia.com/advisories/59680

http://secunia.com/advisories/60081

http://secunia.com/advisories/60129

http://secunia.com/advisories/60317

http://secunia.com/advisories/60485

http://secunia.com/advisories/60622

http://secunia.com/advisories/60812

http://secunia.com/advisories/60817

http://secunia.com/advisories/61577

http://secunia.com/advisories/61640

http://security.gentoo.org/glsa/glsa-201502-12.xml

http://www.debian.org/security/2014/dsa-2980

http://www.debian.org/security/2014/dsa-2987

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/68615

http://www.securitytracker.com/id/1030577

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=swg21680334

http://www-01.ibm.com/support/docview.wss?uid=swg21686383

http://www-01.ibm.com/support/docview.wss?uid=swg21686824

https://exchange.xforce.ibmcloud.com/vulnerabilities/94602

Details

Source: MITRE

Published: 2014-07-17

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
82241Debian DLA-96-1 : openjdk-6 security updateNessusDebian Local Security Checks
high
81370GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
80046openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)NessusSuSE Local Security Checks
critical
80045openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)NessusSuSE Local Security Checks
critical
79865VMware Security Updates for vCenter Server (VMSA-2014-0012)NessusMisc.
critical
79864VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)NessusWindows
critical
77724Ubuntu 14.04 LTS : openjdk-7 update (USN-2319-3)NessusUbuntu Local Security Checks
high
77387Ubuntu 14.04 LTS : openjdk-7 regression (USN-2319-2)NessusUbuntu Local Security Checks
high
77333AIX Java Advisory : java_jul2014_advisory.ascNessusAIX Local Security Checks
critical
77319SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9615)NessusSuSE Local Security Checks
critical
77282Puppet Enterprise 3.3.0 Bundled Oracle Java VulnerabilitiesNessusCGI abuses
critical
77274Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-2319-1)NessusUbuntu Local Security Checks
high
77273SuSE 11.3 Security Update : IBM Java 1.7.0 (SAT Patch Number 9616)NessusSuSE Local Security Checks
critical
77181Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2312-1)NessusUbuntu Local Security Checks
high
76998SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)NessusSuSE Local Security Checks
critical
76842Debian DSA-2987-1 : openjdk-7 - security updateNessusDebian Local Security Checks
high
76689Debian DSA-2980-1 : openjdk-6 - security updateNessusDebian Local Security Checks
high
76533Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix)NessusMisc.
critical
76532Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)NessusWindows
critical