History: May 22, 2024 - 12:00 a.m.

ROS-20240522-05

2024-05-22 00:00:00
redos.red-soft.ru
4
java se
graalvm
apache xalan
insufficient data validation
remote attacker
arbitrary code execution
network packets manipulation

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 53.2%)

A vulnerability in the Hotspot component of the Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input data validation. Exploitation of the vulnerability could allow a remote attacker to gain access to create, delete, or modify data.

A vulnerability in the Apache Xalan Java XSLT library is related to an integer value conversion error during the processing of XSLT stylesheets. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

A vulnerability in the Hotspot component of the Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input data validation. Exploitation of the vulnerability could allow a remote attacker to gain read access to data using network packets.

OS      Version   Architecture   Package           Version             Filename
redos   7.3       x86_64         java-11-openjdk   <= 11.0.17.0.8-1    UNKNOWN
