CVE-2014-2398

8 documents7 sources

Severity

3.5LOW

EPSS

0.3%

top 50.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Forms Viewer Canonical Ubuntu Linux Debian Debian Linux +4 more

Timeline

PublishedApr 16

Latest updateMay 10

Description

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages6 packages

▶NVDoracle/javafx2.2.51

▶NVDoracle/jrockitr27.8.1, r28.3.1+1

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

▶NVDibm/forms_viewer4.0.0 — 4.0.0.3+1

Also affects: Debian Linux 6.0, 7.0, 8.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-m5wr-fv5w-98p4: Unspecified vulnerability in Oracle Java SE 5↗2022-05-10

▶

CVEList

CVE-2014-2398: Unspecified vulnerability in Oracle Java SE 5↗2014-04-16

▶

OSV

CVE-2014-2398: Unspecified vulnerability in Oracle Java SE 5↗2014-04-15

▶

📋Vendor Advisories

Ubuntu

OpenJDK 6 vulnerabilities↗2014-05-01

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2014-04-30

▶

Red Hat

OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)↗2014-04-15

▶

💬Community

Bugzilla

CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)↗2014-04-11

▶