CVE-2016-3427

critical-risk

Published 2016-04-21

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Do I need to act?

94.0% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Fix available

Upgrade to: 94e9149c22f6a7772c0015e1b1ef2e2961155c0a, d4938cf4e488a9ef3ac48164a3e946f16255d721, 45331bb612dc7847efece7e26cdd0b376bd11249, 8b29b698630960a0ebb2c695cc5b21dee4686d09

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Jdk

Jre

Linux

Ubuntu Linux

Debian Linux

E-Series Santricity Management Plug-Ins

Oncommand Balance

Oncommand Cloud Manager

Oncommand Insight

Oncommand Unified Manager

Oncommand Workflow Automation

Storagegrid

Vasa Provider For Clustered Data Ontap

Virtual Storage Console

Cassandra

Satellite

Affected Vendors

Suse Apache Netapp Oracle Debian Canonical Redhat Opensuse

References (119)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0650.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0651.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0675.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0676.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0677.html

and 99 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 28/34 · Critical