- Description
- Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
- Comment
- Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2C5FA21-4D3B-4739-92A1-B87A1A63F29B"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8348D050-22EF-49AC-960A-ADBA1441FFC0"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update76:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50E5F104-C20F-4E6B-AD70-8FEC1B9A9B46"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB2AF8BC-7643-4CBF-83C0-CA4656AC4FB4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:javafx:2.2.76:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40229F01-B2C6-44EA-8DF8-C316B52F5848"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810"
}
],
"operator": "OR"
}
]
}
]