| Vulnerability Name: | CVE-2013-1474 (CCN-81779) | ||||||||||||
| Assigned: | 2013-02-01 | ||||||||||||
| Published: | 2013-02-01 | ||||||||||||
| Updated: | 2017-09-19 | ||||||||||||
| Summary: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" | ||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Unknown | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-1474 Source: HP Type: UNKNOWN HPSBMU02874 Source: CCN Type: SA52064 Oracle Java Multiple Vulnerabilities Source: CCN Type: SA52065 Oracle JavaFX Multiple Vulnerabilities Source: CCN Type: IBM Security Bulletin 1628927 Rational Host On-Demand clients affected by vulnerabilities in IBM JRE Source: CCN Type: IBM Security Bulletin 1635864 IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0 Source: CCN Type: IBM Security Bulletin 1650822 Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus Source: CERT-VN Type: US Government Resource VU#858729 Source: CCN Type: Oracle Critical Patch Update Oracle Java SE Critical Patch Update Advisory - February 2013 Source: CONFIRM Type: Vendor Advisory http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html Source: CCN Type: BID-57690 Oracle Java SE CVE-2013-1474 JavaFX Remote Security Vulnerability Source: CERT Type: US Government Resource TA13-032A Source: XF Type: UNKNOWN oracle-javacpufeb2013-cve20131474(81779) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:16378 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||