⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-18.
CVE-2013-2465
Severity
9.8CRITICAL
EPSS
93.2%
top 0.20%
CISA KEV
KEVRansomware
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJun 18
KEV addedMar 28
KEV dueApr 18
Latest updateMay 14
CISA Required Action: Apply updates per vendor instructions.
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors relate…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-498p-qg8p-wgxg: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5↗2022-05-14
CVEList▶
CVE-2013-2465: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5↗2013-06-18