CVE-2009-2689

CWE-2646 documents6 sources

Severity

10.0CRITICAL

EPSS

7.5%

top 8.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java SE

Timeline

PublishedAug 10

Latest updateMay 2

Description

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDsun/java_se5.0+1

Patches

Patch: java.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-vvrm-5g2q-cfmr: JDK13Services↗2022-05-02

▶

CVEList

CVE-2009-2689: JDK13Services↗2009-08-10

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK JDK13Services grants unnecessary privileges (6777448)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448)↗2009-07-22

▶