CVE-2009-2689 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-2689 PUBLISHED CVSS 10 CRITICAL

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

EPSS 7.51% · 91.7th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

7.51%

91.7th percentile

Affected Products

Vendor	Product	Versions
sun	openjdk
n/a	n/a	n/a
sun	java_se	0, 0

Timeline

Aug 10, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

RHSA-2009:1199 vendor-advisory
36162 third-party-advisory
ADV-2009-2543 vdb
oval:org.mitre.oval:def:9603 vdb
GLSA-200911-02 vendor-advisory
36199 third-party-advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1 url
MDVSA-2009:209 vendor-advisory
FEDORA-2009-8329 vendor-advisory
http://java.sun.com/javase/6/webnotes/6u15.html url
36180 third-party-advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 url
FEDORA-2009-8337 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=513222 url
SUSE-SR:2009:016 vendor-advisory
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html url
APPLE-SA-2009-09-03-1 vendor-advisory
RHSA-2009:1201 vendor-advisory
37386 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-2689 advisory

Open in Interactive Console →