CVE-2010-0840

CRITICAL CISA KEV

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Published: Apr 1, 2010 Modified: Apr 21, 2026

NVD-CWE-noinfo

CVSS Metrics

CVSSv3

Attack Vector: NETWORK Attack Complexity: LOW Privileges Required: NONE User Interaction: NONE Scope: UNCHANGED Confidentiality Impact: HIGH Integrity Impact: HIGH Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (10)

Vendor	Product	Version
oracle	jre	1.4.2_25
oracle	jre	1.5.0
oracle	jre	1.6.0
opensuse	opensuse	11.0
opensuse	opensuse	11.1
opensuse	opensuse	11.2
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10

GitHub Security Advisory GHSA-8rrv-3xx7-wmfc

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java...

References (81)

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html Mailing List, Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Mailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html Mailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html Mailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Mailing List
http://secunia.com/advisories/39292 Broken Link, Vendor Advisory
http://secunia.com/advisories/39317 Broken Link, Vendor Advisory
http://secunia.com/advisories/39659 Broken Link, Vendor Advisory
http://secunia.com/advisories/39819 Broken Link, Vendor Advisory
http://secunia.com/advisories/40211 Broken Link, Vendor Advisory
http://secunia.com/advisories/40545 Broken Link, Vendor Advisory
http://secunia.com/advisories/43308 Broken Link, Vendor Advisory

Risk Scores

CVSS Score 9.8 / 10

EPSS Score 92.08%

Top 0% most likely to be exploited

Threat Score 96.8 / 100

CISA Known Exploited

Date Added: 2022-05-25

Due Date: 2022-06-15

Required Action:

Apply updates per vendor instructions.

Data Sources

NVD CISA KEV EPSS GitHub