CVE-2011-3544
critical-risk
Published 2011-10-19
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Do I need to act?
92.5% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (20)
References (31)
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Broken Link
http://secunia.com/advisories/48308
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml
Broken Link
http://www.securityfocus.com/bid/50218
Broken Link
http://www.securitytracker.com/id?1026215
Third Party Advisory
http://www.ubuntu.com/usn/USN-1263-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
and 11 more references
96 / 100 · critical-risk
Severity
32/34 · Critical
Exploitability
34/34 · Critical
Exposure
30/34 · Critical