What is CVE-2016-3427?

CVE-2016-3427 is a vulnerability in N/a. Published 2016-04-21.

Is CVE-2016-3427 known to be exploited?

Yes. CVE-2016-3427 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-05-12), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.

Vulnerability in N/a

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2023-05-12. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2023-06-02.

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

openSUSE-SU-2016:1222 (vendor-advisory, x_refsource_SUSE)
RHSA-2016:0677 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2016:1299 (vendor-advisory, x_refsource_SUSE)
RHSA-2016:1039 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:0701 (x_refsource_REDHAT, vendor-advisory)
USN-2972-1 (x_refsource_UBUNTU, vendor-advisory)
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (x_refsource_CONFIRM)
SUSE-SU-2016:1303 (vendor-advisory, x_refsource_SUSE)
1037331 (vdb-entry, x_refsource_SECTRACK)
SUSE-SU-2016:1475 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2016-3427?: CVE-2016-3427 is a vulnerability in N/a. Published 2016-04-21.
Is CVE-2016-3427 known to be exploited?: Yes. CVE-2016-3427 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-05-12), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.