Overview
- Description
- Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
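- AV:N/AC:L/Au:N/C:C/I:C/A:C (CVSS 2.0: exploitable over the network, low access complexity, no authentication required; complete impact on confidentiality, integrity and availability)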
Known exploits
Data from CISA
- Vulnerability name
- Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
- Exploit added on
- Mar 3, 2022
- Exploit action due
- Mar 24, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
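- NVD-CWE-noinfo (NVD placeholder meaning there was insufficient information to assign a specific CWE; it does not mean the weakness class is benign or absent)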
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A420DA5-1346-446B-8D23-E1E6DDBE527E" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8CA8719-7ABE-4279-B49E-C414794A4FE1" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC92B7EC-849F-4255-9D55-43681B8DADC4" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3C1E65-929A-4468-8584-F086E6E59839" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C95C1D-0C2E-4733-AB1B-65650D88995D" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A9F499-D1E3-41BD-AC18-E8D3D3231C12" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45B0D7E-BA0F-4AAA-A7BA-2ADA4CC90D94" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58A3E4F-2409-440A-891E-0B84D79AB480" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC2226B-CFEF-48A4-83EA-1F59F4AF7528" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F29DC78F-4D02-47B4-A955-32080B22356C" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A4204E-6F50-45FB-A343-7A30C0CD6D3D" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9" }, { "criteria": 
"cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B151882-47C0-400E-BBAB-A949E6140C86" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB4F19E-DFC4-42F4-87B9-32FB1C496649" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "301E96A3-AD2F-48F3-9166-571BD6F9FAE3" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C9215D9-DB64-4CEE-85E6-E247035EFB09" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352509FE-54D9-4A59-98B7-96E5E98BC2CF" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3EC13D3-4CE7-459C-A7D7-7D38C1284720" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDCD1B4-C5F3-4188-B05F-23922F7DE517" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1824DA2D-26D5-4595-8376-8E41AB8C5E52" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B72F78B7-10D1-49CF-AC4D-3B10921CB633" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344FA3EA-9E25-493C-976A-211D1404B251" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60D05860-9424-4727-B583-74A35BC9BDFD" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F85DB431-FEA4-42E7-AC29-6B66174DCD9E" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB7E911C-C780-440A-ABFF-CCE09061BB4F" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"0381EE39-2F60-49FD-A63A-B9E81C9033CB" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD75455-B7F0-4F42-98E7-CAA43787D606" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D081A380-5AA4-4451-94A9-7B65810106E3" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "112E7575-A3A0-4A94-AD39-7B2325B150B8" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708E8CEF-82EE-4D4B-ABF9-87AA4878F517" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEB2C8A3-E0DC-46A3-BD82-8E45DA55ED0E" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B5B16D-061A-438D-A8CF-9E63D6C748D7" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACABC935-5DD6-4F85-992E-70AD517EF41D" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B" }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": 
true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB864346-1429-46B5-A91E-A1126C486421" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F199B346-B95E-4DCA-B750-148A36D559BA" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16229B8-1642-4C10-8650-A9CEA9D4C98C" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1714BDEF-6B0E-42BB-9510-3F9B52E170BC" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830A3A51-F17A-4C61-8F5C-6A4582A64DA6" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DE0E496-719D-4CEF-837F-B060A898099F" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B02F361-0C64-4CB8-8DAD-A63F1A9CC025" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD4CC3E2-7BEA-4D8C-811C-C5012327A9AA" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F63A8AC-893D-4D75-B467-85E70B62541D" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7823AE6-CB18-47DE-8A4F-1F98394B7237" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "381EFA43-DB73-48EA-A4B1-F451EF60D845" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77C54E00-0197-4C87-9BFF-01A099AC3006" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64AD6007-EB92-4D0E-A0CB-8FFDDB61AA6D" }, { "criteria": 
"cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7415177F-A2FE-47AB-8D92-194A4F6D75C8" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52FA600C-08B6-4143-9C72-DB31E489DE3E" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF13B96D-1F80-4672-8DA3-F86F6D3BF070" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1A2D440-D966-41A6-955D-38B28DDE0FDB" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1C57774-AD93-4162-8E45-92B09139C808" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7C4194-D34A-418F-9B00-5C6012844AAE" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B82FB1-0F0E-44F9-87AE-628517279E4D" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2752B83A-6DD2-4829-9E4F-42CDDCBC38C0" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D60D98D-4363-44A0-AAB4-B61BA623EE21" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23CDA4F0-C32B-4B08-A377-7D4426C2F569" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E76476E-4120-46A9-90A8-A95FE89636CD" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"97A84689-0CED-404F-8DC3-708BEB37D2CE" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "738EC3E5-A4EB-47FE-9C9A-7C8E8C669765" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "964CCFD6-316A-48C6-9A6B-7CFD1A1FB027" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC8771D7-9531-4A1D-B2DE-FAA7A7549801" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C59C275-5964-4E5D-BE80-BA4EA34BEA62" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C1922B-37E8-4009-97C7-B243F6F96704" }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3A8681-3EAC-4D02-811A-5FCCCC7B5635" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91" }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A" } ], "operator": "OR" } ] } ]