5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
70.0%
Vulnerability in the Java SE product of Oracle Java SE (component:
ImageIO). Supported versions that are affected are Java SE: 11.0.7 and
14.0.1. Easily exploitable vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a partial denial of service (partial DOS) of Java SE. Note: This
vulnerability applies to Java deployments, typically in clients running
sandboxed Java Web Start applications or sandboxed Java applets, that load
and run untrusted code (e.g., code that comes from the internet) and rely
on the Java sandbox for security. This vulnerability does not apply to Java
deployments, typically in servers, that load and run only trusted code
(e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3
(Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1~20.04 | UNKNOWN |
ubuntu | 20.10 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | openjdk-lts | < 11.0.8+10-0ubuntu1 | UNKNOWN |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
70.0%