VYPR
← All advisories
Low severity3.7NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2017-3533

CVE-2017-3533

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected products

26
  • Oracle Corporation/Jdk3 versions
    cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*
  • Oracle Corporation/Jre3 versions
    cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*
  • Oracle Corporation/Jrockit
    cpe:2.3:a:oracle:jrockit:r28.3.13:*:*:*:*:*:*:*
  • Red Hat/Icedtea
    cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
    Range: <3.4.0
  • Red Hat/Satellite
    cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Eus4 versions
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus2 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • Oracle Corporation/Javav5
    Range: Java SE: 6u141

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

16

News mentions

0

No linked articles in our index yet.