Vulnerability identifier: #VU8868

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-10309

CWE-ID: CWE-264

Exploitation vector: Network

Exploits in database: 2

• October 27, 2020
  • Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability [Source Incite]
• March 18, 2020
  • Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure [Exploit-DB]

Impact: Information disclosure and data manipulation

Vulnerable software:
Oracle Java SE
Universal components / Libraries / Software for developers

Vendor: Oracle