CVE-2011-3544
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Analysis
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier contain an unspecified vulnerability in the Scripting component that allows untrusted Java applets to bypass the security sandbox, leading to full system compromise.
Technical Context
The CWE-284 (improper access control) flaw in Java's scripting engine allows a malicious applet to escape the sandbox through the Rhino/Nashorn scripting interface. Once outside the sandbox, the applet has full access to the underlying operating system.
Affected Products
Oracle Java SE JDK/JRE 7
Oracle Java SE JDK/JRE 6 Update 27 and earlier
Remediation
Update Java to the latest version. Disable Java browser plugins entirely; modern browsers no longer support Java applets, since NPAPI plugin support has been deprecated and removed.