CVE-2013-1489 — Oracle JDK vulnerability
4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
17.3%
top 4.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 31
Latest updateMay 17
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages2 packages
🔴Vulnerability Details
1GHSAâ–¶
GHSA-2684-x557-ppqj: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using I↗2022-05-17
📋Vendor Advisories
1Red Hatâ–¶
7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)↗2013-01-27
💬Community
1Bugzillaâ–¶
CVE-2013-1489 Oracle JDK 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)↗2013-01-31