CVE-2010-2548

CWE-863Incorrect Authorization6 documents6 sources
Severity
9.1CRITICAL
EPSS
0.3%
top 43.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Icedtea6Icedtea Icedtea6
Timeline
PublishedOct 31
Latest updateApr 21

Description

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDredhat/icedtea6< 1.7.4
CVEListV5icedtea/icedtea61.7.4

Patches

Patch: blog.fuseyism.comPatch: blog.fuseyism.com

🔴Vulnerability Details

2
GHSA
GHSA-w978-mmpv-hphg: IcedTea6 before 12022-04-21
CVEList
CVE-2010-2548: IcedTea6 before 12019-10-31

📋Vendor Advisories

2
Ubuntu
OpenJDK vulnerabilities2010-08-16
Red Hat
IcedTea Incomplete property access check for unsigned applications2010-07-28

💬Community

1
Bugzilla
CVE-2010-2548 IcedTea Incomplete property access check for unsigned applications2010-07-21
CVE-2010-2548 (CRITICAL CVSS 9.1) | IcedTea6 before 1.7.4 does not prop | cvebase.io