CVE-2014-6532 — XML External Entity (XXE) Injection in Oracle JDK
Severity
9.3CRITICALNVD
NVD7.6CNA7.6GHSA5.0
EPSS
6.9%
top 8.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 15
Latest updateMay 14
Description
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages12 packages
Patches
🔴Vulnerability Details
9GHSA▶
GHSA-jvx7-35cg-w97r: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un↗2022-05-13
GHSA▶
GHSA-x9c3-pfjg-6f43: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un↗2022-05-13
GHSA▶
GHSA-wqrv-8v5g-pgqj: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un↗2022-05-13
GHSA▶
GHSA-9x5w-fgxg-c345: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un↗2022-05-13
📋Vendor Advisories
8Debian▶
CVE-2014-6532: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...↗2014
💬Community
1Bugzilla▶
CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)↗2014-10-14