CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2016-3427

CVSS 9.8v3.1pub. 2016-04-21upd. 2026-04-22

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Cassandra

    APP
    Apache
    4.0.02.1.0 – 2.1.22 (bez)3.11.0 – 3.11.8 (bez)3.0.0 – 3.0.22 (bez)2.2.0 – 2.2.18 (bez)
  • Canonical Ubuntu

    OS
    Canonical
    12.0414.0415.1016.04
  • Debian

    OS
    Debian
    8.0
  • Netapp E Series Santricity Management Plug Ins

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Santricity Storage Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Santricity Web Services

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Balance

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Cloud Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Performance Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Report

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Shift

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Storagegrid

    APP
    Netapp
    ≤ 9.0.4
  • Netapp Vasa Provider For Clustered Data Ontap

    APP
    Netapp
    ≥ 7.2
  • Netapp Virtual Storage Console

    APP
    Netapp
    ≥ 7.2
  • Opensuse Leap

    OS
    Opensuse
    42.1
  • Opensuse

    OS
    Opensuse
    13.113.2
  • Oracle JDK

    APP
    Oracle
    1.6.01.7.01.8.0
  • Oracle Jre

    APP
    Oracle
    1.6.01.7.01.8.0
  • Oracle Jrockit

    APP
    Oracle
    r28.3.9
  • Oracle Linux

    OS
    Oracle
    567
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    5.06.07.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    6.77.27.37.47.57.67.7
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    5.06.07.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.27.37.47.67.7
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    6.77.2
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    7.27.37.67.7
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    5.06.07.0

CISA KEV — detailsi

Vendori
Oracle
Producti
Java SE and JRockit
Added to KEVi
May 12, 2023
Remediation deadline (US Federal)i
June 2, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 2 czerwca 2023
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki