Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

  • Published: Aug 10, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2689
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
sun / java_se - 5.0.x
sun / openjdk - -
sun / java_se - 6.x