9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.483 Medium
EPSS
Percentile
97.4%
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and
earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18
and earlier allow remote attackers to execute arbitrary code via a crafted
jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3)
user.home System Properties, aka “Java Web Start File Inclusion” and CR
6694892.