⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions.
CVE-2011-3544
Severity
9.8 CRITICAL
EPSS
92.5%
top 0.26%
CISA KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 19
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 14
CISA Required Action: Apply updates per vendor instructions.
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 5 packages
Also affects: Ubuntu Linux 10.04, 10.10, 11.04, 11.10
Patches
🔴 Vulnerability Details (3)
GHSA
GHSA-25jq-3vh4-pgv4: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untruste | 2022-05-14
CVEList
CVE-2011-3544: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untruste | 2011-10-19
💥 Exploits & PoCs (1)
🔍 Detection Rules (2)
📋 Vendor Advisories (3)
💬 Community (1)
Bugzilla
CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) | 2011-10-12