CVE-2016-5568 — Improper Access Control in Oracle JDK

CWE-284 — Improper Access Control6 documents6 sources

Severity

9.6CRITICALNVD

EPSS

0.9%

top 24.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE

Timeline

PublishedOct 25

Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2

▶NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-x6qx-38ch-f4w9: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via↗2022-05-13

▶

CVEList

CVE-2016-5568: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via↗2016-10-25

▶

📋Vendor Advisories

Red Hat

OpenJDK: incorrect menu handling on Windows (AWT, 8158993)↗2016-10-18

▶

Debian

CVE-2016-5568: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remot...↗2016

▶

💬Community

Bugzilla

CVE-2016-5568 OpenJDK: incorrect menu handling on Windows (AWT, 8158993)↗2016-10-18

▶