Vulnerability Name: CVE-2014-0410 (CCN-90322)

Assigned: 2013-12-12
Published: 2014-01-14
Updated: 2022-05-13
Summary: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
CVSS v3 Severity:
  10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Changed
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High
CVSS v2 Severity:
  10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
  10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
  6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Unknown
References:

Source: MITRE
Type: CNA
CVE-2014-0410

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0246

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0266

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0451

Source: HP
Type: UNKNOWN
SSRT101454

Source: HP
Type: UNKNOWN
SSRT101455

Source: OSVDB
Type: UNKNOWN
102024

Source: CCN
Type: RHSA-2014-0030
Critical: java-1.7.0-oracle security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0030

Source: CCN
Type: RHSA-2014-0134
Critical: java-1.7.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0134

Source: CCN
Type: RHSA-2014-0135
Critical: java-1.6.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0135

Source: CCN
Type: RHSA-2014-0705
Critical: java-1.7.1-ibm security update

Source: CCN
Type: RHSA-2014-0982
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: SECUNIA
Type: UNKNOWN
56485

Source: SECUNIA
Type: UNKNOWN
56535

Source: CCN
Type: IBM Security Bulletin 1665690
IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6

Source: CCN
Type: IBM Security Bulletin 1020003
Multiple vulnerabilities in the IBM SDK Java Technology for IBM i

Source: CCN
Type: IBM Security Bulletin 1662968
Multiple vulnerabilities in current releases of IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1662998
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CCN
Type: IBM Security Bulletin 1664835
Potential security vulnerabilities with Java™ SDKs

Source: CCN
Type: IBM Security Bulletin 1668321
CICS Transaction Gateway for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 1668742
Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1671348
Security Bulletin for IBM Integration Bus and IBM WebSphere Message Broker: Multiple security vulnerabilities in IBM JREs 6 & 7

Source: CCN
Type: IBM Security Bulletin 1672078
InfoSphere Streams is affected by a vulnerability in the IBM SDK, Java Technology Edition (CVE-2014-0411)

Source: CCN
Type: IBM Security Bulletin 1672835
TADDM - Java Quarterly CPU - January 2014

Source: CCN
Type: IBM Security Bulletin 1673091
IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1674707
IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1675205
Vulnerability in IBM Tivoli System Automation for Integrated Operations Management (several CVEs).

Source: CCN
Type: IBM Security Bulletin 1677588
Tivoli Storage Productivity Center - Oracle CPU January 2014

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2014

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: BID
Type: UNKNOWN
64758

Source: CCN
Type: BID-64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
64915

Source: CCN
Type: BID-64915
Oracle Java SE CVE-2014-0410 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029608

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0414

Source: XF
Type: UNKNOWN
oracle-cpujan2014-cve20140410(90322)

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0410

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:oracle:jre:1.7.0:update45:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:oracle:jdk:1.6.0:update65:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update65:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras_oracle_java:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:sdk:5.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:6.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_message_broker:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.3:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.4:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:6.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary_aus:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.5.z:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7707 | P | libykcs11-1-1.6.2-4.30 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7729 | P | p7zip-16.02-150200.14.9.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:20140410 | V | CVE-2014-0410 | 2022-05-20
oval:org.opensuse.security:def:7005 | P | Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important) | 2021-12-14
oval:org.opensuse.security:def:6980 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important) | 2021-10-14
oval:org.opensuse.security:def:36537 | P | perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36495 | P | libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:6905 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important) | 2021-05-25
oval:org.opensuse.security:def:13238 | P | java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:46358 | P | java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:6886 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important) | 2021-04-28
oval:org.opensuse.security:def:6871 | P | Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important) | 2021-04-07
oval:org.opensuse.security:def:7069 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important) | 2021-04-07
oval:org.opensuse.security:def:7056 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:35857 | P | PackageKit-0.3.14-2.28.46 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35638 | P | squid-2.7.STABLE5-2.4.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35746 | P | libfreebl3-3.13.1-0.2.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35813 | P | python-sssd-config-1.5.11-0.9.96 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35697 | P | findutils-4.4.0-38.26.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35785 | P | mono-core-2.6.7-0.7.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:34998 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:7038 | P | libgadu3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35388 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:6778 | P | libvte9 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34999 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:35094 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:35331 | P | Security update for minicom (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6756 | P | libsndfile1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:7047 | P | libhogweed2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35478 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6824 | P | python-libxml2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6748 | P | libqt4-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35010 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35230 | P | Security update for libmspack (Moderate) | 2020-12-01
oval:com.redhat.rhsa:def:20140414 | P | RHSA-2014:0414: java-1.6.0-sun security update (Important) | 2017-12-15
oval:org.cisecurity:def:1540 | V | HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access | 2017-01-06
oval:org.mitre.oval:def:22292 | P | RHSA-2014:0134: java-1.7.0-ibm security update (Critical) | 2015-08-03
oval:org.mitre.oval:def:22560 | P | RHSA-2014:0135: java-1.6.0-ibm security update (Critical) | 2015-08-03
oval:org.mitre.oval:def:25575 | P | SUSE-SU-2014:0266-1 -- Security update for IBM Java 6 | 2014-09-08
oval:org.mitre.oval:def:25245 | P | SUSE-SU-2014:0266-3 -- Security update for IBM Java 6 | 2014-09-08
oval:org.mitre.oval:def:25326 | P | SUSE-SU-2014:0246-1 -- Security update for IBM Java | 2014-09-08
oval:org.mitre.oval:def:25365 | P | SUSE-SU-2014:0266-2 -- Security update for IBM Java 6 | 2014-09-08
oval:org.mitre.oval:def:24739 | P | ELSA-2014:0414: java-1.6.0-sun security update (Important) | 2014-07-21
oval:org.mitre.oval:def:24557 | P | RHSA-2014:0414: java-1.6.0-sun security update (Important) | 2014-06-09
oval:org.mitre.oval:def:24132 | P | ELSA-2014:0134: java-1.7.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:24172 | P | ELSA-2014:0030: java-1.7.0-oracle security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:24037 | P | ELSA-2014:0135: java-1.6.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22415 | P | RHSA-2014:0030: java-1.7.0-oracle security update (Critical) | 2014-05-12
oval:org.mitre.oval:def:21989 | V | Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment) | 2014-03-03
oval:com.redhat.rhsa:def:20140134 | P | RHSA-2014:0134: java-1.7.0-ibm security update (Critical) | 2014-02-04
oval:com.redhat.rhsa:def:20140135 | P | RHSA-2014:0135: java-1.6.0-ibm security update (Critical) | 2014-02-04
oval:com.redhat.rhsa:def:20140030 | P | RHSA-2014:0030: java-1.7.0-oracle security update (Critical) | 2014-01-15
oval:com.ubuntu.precise:def:20140410000 | V | CVE-2014-0410 on Ubuntu 12.04 LTS (precise) - low. | 2014-01-15
    oracle jre 1.7.0 update45
    oracle jdk 1.6.0 update65
    oracle jre 1.6.0 update65
    oracle jdk 1.7.0 update45
    oracle jre 1.7.0 update45
    ibm sdk 5.0
    ibm sdk 6.0
    ibm cics transaction gateway 8.0
    redhat enterprise linux 6
    redhat enterprise linux server supplementary 6
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop supplementary 6
    redhat enterprise linux hpc node supplementary 6
    ibm maximo asset management 7.1
    ibm maximo asset management 7.5
    ibm infosphere streams 2.0
    ibm tivoli storage productivity center 5.1
    ibm websphere message broker 7.0
    ibm websphere message broker 8.0
    ibm infosphere streams 1.2
    ibm infosphere streams 3.0
    ibm infosphere streams 3.1
    ibm cics transaction gateway 8.1
    ibm cics transaction gateway 9.0
    ibm tivoli composite application manager 7.3
    ibm tivoli storage productivity center 5.1.1
    ibm maximo asset management 7.1.1
    ibm maximo asset management 7.1.2
    ibm tivoli composite application manager 7.4
    ibm infosphere streams 3.2
    ibm infosphere streams 3.2.1
    ibm i 6.1
    ibm i 7.1
    ibm tivoli storage productivity center 5.2
    ibm tivoli storage productivity center 5.2.1
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.3.0
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.1
    ibm application manager for smart business 1.2.1
    ibm tivoli application dependency discovery manager 7.2
    ibm tivoli application dependency discovery manager 7.2.1
    ibm tivoli application dependency discovery manager 7.2.2
    ibm sdk 6.1
    ibm sdk 7.0
    ibm sdk 7.1
    ibm tivoli application dependency discovery manager 7.1.2
    ibm i 6.1.0
    ibm i 7.1.0
    redhat enterprise linux server supplementary aus 6.5
    redhat enterprise linux server supplementary eus 6.5.z