CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.7%
This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and security issues :
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0084)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0085)
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0087)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0088)
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. (CVE-2010-0089)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0091)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0095)
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0839)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) ‘a similar trust issue with interfaces,’ aka ‘Trusted Methods Chaining Remote Code Execution Vulnerability.’.
(CVE-2010-0840)
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and ‘stepX’.
(CVE-2010-0841)
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. (CVE-2010-0842)
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. (CVE-2010-0843)
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory. (CVE-2010-0844)
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an ‘invalid assignment’ and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
(CVE-2010-0846)
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
(CVE-2010-0847)
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0848)
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
(CVE-2010-0849)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50915);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");
script_cve_id(
"CVE-2010-0084",
"CVE-2010-0085",
"CVE-2010-0087",
"CVE-2010-0088",
"CVE-2010-0089",
"CVE-2010-0091",
"CVE-2010-0095",
"CVE-2010-0839",
"CVE-2010-0840",
"CVE-2010-0841",
"CVE-2010-0842",
"CVE-2010-0843",
"CVE-2010-0844",
"CVE-2010-0846",
"CVE-2010-0847",
"CVE-2010-0848",
"CVE-2010-0849"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");
script_name(english:"SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)");
script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and
security issues :
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0084)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0085)
- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0087)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, 1.4.225, and
1.3.127 allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors. (CVE-2010-0088)
- Unspecified vulnerability in the Java Web Start, Java
Plug-in component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect availability via unknown
vectors. (CVE-2010-0089)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality via unknown
vectors. (CVE-2010-0091)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. (CVE-2010-0095)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0839)
- Unspecified vulnerability in the Java Runtime
Environment component in Oracle Java SE and Java for
Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
remote attackers to affect confidentiality, integrity,
and availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is related to improper checks when executing
privileged methods in the Java Runtime Environment
(JRE), which allows attackers to execute arbitrary code
via (1) an untrusted object that extends the trusted
class but has not modified a certain method, or (2) 'a
similar trust issue with interfaces,' aka 'Trusted
Methods Chaining Remote Code Execution Vulnerability.'.
(CVE-2010-0840)
- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, and 1.4.2_25 allows remote attackers to
affect confidentiality, integrity, and availability via
unknown vectors. NOTE: the previous information was
obtained from the March 2010 CPU. Oracle has not
commented on claims from a reliable researcher that this
is an integer overflow in the Java Runtime Environment
that allows remote attackers to execute arbitrary code
via a JPEG image that contains subsample dimensions with
large values, related to JPEGImageReader and 'stepX'.
(CVE-2010-0841)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is an uncontrolled array index that allows
remote attackers to execute arbitrary code via a MIDI
file with a crafted MixerSequencer object, related to
the GM_Song structure. (CVE-2010-0842)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is related to XNewPtr and improper handling of
an integer parameter when allocating heap memory in the
com.sun.media.sound libraries, which allows remote
attackers to execute arbitrary code. (CVE-2010-0843)
- Unspecified vulnerability in the Sound component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is for improper parsing of a crafted MIDI
stream when creating a MixerSequencer object, which
causes a pointer to be corrupted and allows a NULL byte
to be written to arbitrary memory. (CVE-2010-0844)
- Unspecified vulnerability in the ImageIO component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
remote attackers to execute arbitrary code, related to
an 'invalid assignment' and inconsistent length values
in a JPEG image encoder (JPEGImageEncoderImpl).
(CVE-2010-0846)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow that allows
arbitrary code execution via a crafted image.
(CVE-2010-0847)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. (CVE-2010-0848)
- Unspecified vulnerability in the Java 2D component in
Oracle Java SE and Java for Business 6 Update 18, 5.0
Update 23, 1.4.2_25, and 1.3.1_27 allows remote
attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous
information was obtained from the March 2010 CPU. Oracle
has not commented on claims from a reliable researcher
that this is a heap-based buffer overflow in a decoding
routine used by the JPEGImageDecoderImpl interface,
which allows code execution via a crafted JPEG image.
(CVE-2010-0849)");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=594791");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0084.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0085.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0087.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0088.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0089.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0091.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0095.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0839.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0840.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0841.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0842.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0843.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0844.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0846.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0847.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0848.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0849.html");
script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 2812 / 2813 as appropriate.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"patch_publication_date", value:"2010/07/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
if (rpm_check(release:"SLES11", sp:0, reference:"java-1_4_2-ibm-1.4.2_sr13.5-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"java-1_4_2-ibm-1.4.2_sr13.5-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.1.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
support.novell.com/security/cve/CVE-2010-0084.html
support.novell.com/security/cve/CVE-2010-0085.html
support.novell.com/security/cve/CVE-2010-0087.html
support.novell.com/security/cve/CVE-2010-0088.html
support.novell.com/security/cve/CVE-2010-0089.html
support.novell.com/security/cve/CVE-2010-0091.html
support.novell.com/security/cve/CVE-2010-0095.html
support.novell.com/security/cve/CVE-2010-0839.html
support.novell.com/security/cve/CVE-2010-0840.html
support.novell.com/security/cve/CVE-2010-0841.html
support.novell.com/security/cve/CVE-2010-0842.html
support.novell.com/security/cve/CVE-2010-0843.html
support.novell.com/security/cve/CVE-2010-0844.html
support.novell.com/security/cve/CVE-2010-0846.html
support.novell.com/security/cve/CVE-2010-0847.html
support.novell.com/security/cve/CVE-2010-0848.html
support.novell.com/security/cve/CVE-2010-0849.html
bugzilla.novell.com/show_bug.cgi?id=594791
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.7%