Home / Vulnerabilities / CVE-2016-3427
CRITICAL SEVERITY
CVE-2016-3427Oracle · Java SE and JRockit

Oracle Java SE and JRockit Unspecified Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

94.02 %
Predictive Probability
Percentile Rank
99.9 th

Documented as more likely to be exploited than 99.9% of known CVEs.

Detection Date

May 12, 2023

Remediation Due

Jun 02, 2023

CISA Catalog Active

Threat Analysis

Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence

https://www.oracle.com/security-alerts/cpuapr2016v3.html

https://www.oracle.com/security-alerts/cpuapr2016v3.html

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2016-3427