Vulnerability Name:

CVE-2014-2409 (CCN-92481)

Assigned:2014-04-15
Published:2014-04-15
Updated:2022-05-13
Summary:Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2014-2409

Source: HP
Type: Issue Tracking, Mailing List, Third Party Advisory
SSRT101667

Source: HP
Type: Issue Tracking, Mailing List, Third Party Advisory
SSRT101668

Source: CCN
Type: RHSA-2014-0412
Critical: java-1.7.0-oracle security update

Source: CCN
Type: RHSA-2014-0486
Critical: java-1.7.0-ibm security update

Source: CCN
Type: RHSA-2014-0508
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2014-0705
Critical: java-1.7.1-ibm security update

Source: CCN
Type: RHSA-2014-0982
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: GENTOO
Type: Third Party Advisory
GLSA-201502-12

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080

Source: CCN
Type: IBM Security Bulletin 1020184
Multiple vulnerabilities in the IBM SDK Java Technology for IBM i

Source: CCN
Type: IBM Security Bulletin 1672043
Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1672047
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CCN
Type: IBM Security Bulletin 1672080
InfoSphere Streams is possibly affected by vulnerabilities in the IBM SDK, Java Technology Edition (CVE-2014-0453 and CVE-2014-0460)

Source: CCN
Type: IBM Security Bulletin 1673611
Multiple IBM SDK Java Technology Edition, Version 7 security vulnerabilities addressed in IBM Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1675205
ulnerability in IBM Tivoli System Automation for Integrated Operations Management (several CVEs).

Source: CCN
Type: IBM Security Bulletin 1677490
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1678048
IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1678883
Tivoli Application Dependency Discovery Manager - Java Quarterly CPU - April 2014.

Source: CCN
Type: IBM Security Bulletin 1679187
Potential security vulnerabilities with JavaTM SDKs

Source: CCN
Type: IBM Security Bulletin 1681114
IBM Notes and Domino - Multiple vulnerabilities in IBM Java (Oracle April 2014 Critical Patch Update) and IBM HTTP Server for Domino (CVE-2014-0963)

Source: CCN
Type: IBM Security Bulletin 1685350
Tivoli Storage Productivity Center - Oracle CPU April 2014

Source: CCN
Type: IBM Security Bulletin 1687297
Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - April 2014

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Source: BID
Type: Third Party Advisory, VDB Entry
66915

Source: CCN
Type: BID-66915
Oracle Java SE CVE-2014-2409 Remote Security Vulnerability

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:0413

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:0414

Source: XF
Type: UNKNOWN
oracle-cpuapr2014-cve20142409(92481)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-2409

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update51:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.8.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update71:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update71:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras_oracle_java:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:jre:1.7.0:update51:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:sdk:5.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:6.0:*:*:*:java:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.3:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.4:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_endpoint_manager:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:6.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:domino:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7729
    P
    		p7zip-16.02-150200.14.9.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7707
    P
    		libykcs11-1-1.6.2-4.30 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:20142409
    V
    		CVE-2014-2409
    2022-05-20
    oval:org.opensuse.security:def:7005
    P
    		Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important)
    2021-12-14
    oval:org.opensuse.security:def:6980
    P
    		Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)
    2021-10-14
    oval:org.opensuse.security:def:36537
    P
    		perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36495
    P
    		libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:6905
    P
    		Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important)
    2021-05-25
    oval:org.opensuse.security:def:13238
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:46358
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:6886
    P
    		Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)
    2021-04-28
    oval:org.opensuse.security:def:6871
    P
    		Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7069
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7056
    P
    		Security update for the Linux Kernel (Important)
    2020-12-10
    oval:org.opensuse.security:def:35785
    P
    		mono-core-2.6.7-0.7.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35857
    P
    		PackageKit-0.3.14-2.28.46 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35638
    P
    		squid-2.7.STABLE5-2.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35746
    P
    		libfreebl3-3.13.1-0.2.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35813
    P
    		python-sssd-config-1.5.11-0.9.96 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35697
    P
    		findutils-4.4.0-38.26.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35230
    P
    		Security update for libmspack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34998
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:7038
    P
    		libgadu3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35388
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:6778
    P
    		libvte9 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34999
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:35094
    P
    		Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:35331
    P
    		Security update for minicom (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6756
    P
    		libsndfile1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:7047
    P
    		libhogweed2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35478
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6824
    P
    		python-libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6748
    P
    		libqt4-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35010
    P
    		Security update for gnutls (Moderate)
    2020-12-01
    oval:com.redhat.rhsa:def:20140413
    P
    		RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
    2017-12-15
    oval:com.redhat.rhsa:def:20140414
    P
    		RHSA-2014:0414: java-1.6.0-sun security update (Important)
    2017-12-15
    oval:org.mitre.oval:def:26360
    V
    		HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    2015-04-20
    oval:org.mitre.oval:def:25419
    P
    		SUSE-SU-2014:0728-3 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:25310
    P
    		SUSE-SU-2014:0733-2 -- Security update for IBM Java 7
    2014-09-08
    oval:org.mitre.oval:def:25385
    P
    		SUSE-SU-2014:0728-2 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:25167
    P
    		SUSE-SU-2014:0733-1 -- Security update for IBM Java 7
    2014-09-08
    oval:org.mitre.oval:def:25185
    P
    		ELSA-2014:0508: java-1.6.0-ibm security update (Critical)
    2014-09-01
    oval:org.mitre.oval:def:24767
    P
    		ELSA-2014:0486: java-1.7.0-ibm security update (Critical)
    2014-09-01
    oval:org.mitre.oval:def:24739
    P
    		ELSA-2014:0414: java-1.6.0-sun security update (Important)
    2014-07-21
    oval:org.mitre.oval:def:24759
    P
    		ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
    2014-07-21
    oval:org.mitre.oval:def:24411
    P
    		ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
    2014-07-21
    oval:org.mitre.oval:def:23870
    P
    		RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
    2014-06-30
    oval:org.mitre.oval:def:24446
    P
    		RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
    2014-06-30
    oval:org.mitre.oval:def:24557
    P
    		RHSA-2014:0414: java-1.6.0-sun security update (Important)
    2014-06-09
    oval:org.mitre.oval:def:24723
    P
    		RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
    2014-06-09
    oval:org.mitre.oval:def:24489
    P
    		RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
    2014-06-09
    oval:org.mitre.oval:def:24646
    V
    		Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment
    2014-06-02
    oval:com.redhat.rhsa:def:20140508
    P
    		RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
    2014-05-15
    oval:com.redhat.rhsa:def:20140486
    P
    		RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
    2014-05-13
    oval:com.redhat.rhsa:def:20140412
    P
    		RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
    2014-04-17
    oval:com.ubuntu.precise:def:20142409000
    V
    		CVE-2014-2409 on Ubuntu 12.04 LTS (precise) - medium.
    2014-04-15
    oval:com.ubuntu.trusty:def:20142409000
    V
    		CVE-2014-2409 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-04-15
    BACK
    oracle jdk 1.7.0 update51
    oracle jre 1.7.0 update51
    oracle jdk 1.8.0 -
    oracle jre 1.8.0 -
    oracle jdk 1.6.0 update71
    oracle jre 1.6.0 update71
    oracle jre 1.7.0 update51
    oracle jdk 1.7.0 update51
    oracle jre 1.8.0
    oracle jdk 1.8.0
    ibm sdk 5.0
    ibm sdk 6.0
    redhat enterprise linux 6
    redhat enterprise linux server supplementary 6
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop supplementary 6
    redhat enterprise linux hpc node supplementary 6
    ibm maximo asset management 7.5
    ibm infosphere streams 2.0
    ibm tivoli storage productivity center 5.1
    ibm infosphere streams 1.2
    ibm infosphere streams 3.0
    ibm infosphere streams 3.1
    ibm tivoli composite application manager 7.3
    ibm tivoli storage productivity center 5.1.1
    ibm maximo asset management 7.1.1
    ibm tivoli composite application manager 7.4
    ibm infosphere streams 3.2
    ibm infosphere streams 3.2.1
    ibm domino 8.5.3.6
    ibm domino 9.0.1
    ibm domino 8.5
    ibm domino 9.0
    ibm tivoli endpoint manager *
    ibm i 6.1
    ibm i 7.1
    ibm i 7.2
    ibm tivoli storage productivity center 5.2
    ibm tivoli storage productivity center 5.2.1
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.3.0
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.1
    ibm tivoli application dependency discovery manager 7.2
    ibm tivoli application dependency discovery manager 7.2.1
    ibm tivoli application dependency discovery manager 7.2.2
    ibm sdk 6.1
    ibm sdk 7.0
    ibm sdk 7.1
    ibm domino 8.5.1
    ibm domino 8.5.2
    ibm domino 8.5.3
    ibm domino 9.0.1.1
    ibm tivoli application dependency discovery manager 7.1.2
    ibm tivoli storage productivity center 5.2.2