10
HIGH

CVE-2014-6549

Published: 21/01/2015 Updated: 22/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

Vulnerability Summary

Unspecified vulnerability in Oracle Java SE 8u25 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleJdk1.8.0
OracleJre1.8.0

Vendor Advisories

An improper permission check issue was discovered in the Libraries component in OpenJDK An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions ...
Synopsis Critical: java-170-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-170-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 5 SupplementaryRed Hat Product Security has rated this update as having Critical securityimpact C ...
Synopsis Critical: java-171-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-171-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 6 and 7 SupplementaryRed Hat Product Security has rated this update as having Critical securityimp ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-180-openjdk packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Important securityimpact Com ...
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-180-oracle packages that fix several security issues are nowavailable for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Critical securityi ...
Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions (CVE-2014-6601 , CVE-2015-0437 ) Multiple improper permission check issue ...
<!-- content goes here --> Oracle Critical Patch Update Advisory - January 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisor ...

References