Back
CVE-2016-3427
CRITICAL
CISA KEV
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Published: Apr 21, 2016
Modified: Apr 22, 2026
NVD-CWE-noinfo
CWE-284
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (81)
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.8.0 |
| oracle | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jre | 1.8.0 |
| oracle | jrockit | r28.3.9 |
| oracle | linux | 5 |
| oracle | linux | 6 |
| oracle | linux | 7 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.10 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 8.0 |
| netapp | e-series_santricity_management_plug-ins | - |
| netapp | e-series_santricity_storage_manager | - |
| netapp | e-series_santricity_web_services | - |
| netapp | oncommand_balance | - |
| netapp | oncommand_cloud_manager | - |
…and 61 more
References (119)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html Mailing List, Third Party Advisory
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
93.29%
Top 0% most likely to be exploited
Threat Score
97.2 / 100
CISA Known Exploited
Date Added:
2023-05-12
Due Date:
2023-06-02
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS