⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-06-15.
CVE-2013-0431 — Protection Mechanism Failure in Oracle JRE
Severity
5.3 MEDIUM (NVD)
EPSS
91.6%
top 0.32%
CISA KEV
KEV, Ransomware
Added 2022-05-25
Due 2022-06-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jan 31
KEV added: May 25
KEV due: Jun 15
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 2 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-h3cw-j9j9-5pc4: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted r (2022-05-05)
CVEList
CVE-2013-0431: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted r (2013-01-31)
💥 Exploits & PoCs (1)
📋 Vendor Advisories (5)
Red Hat
OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) (2013-01-27)
💬 Community (3)
Bugzilla
CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) (2013-01-31)