CVE-2012-5076 — Oracle Java SE

Oracle Java SE Sandbox Bypass Vulnerability

Added to KEV

2022-03-28

Federal due date

2022-04-18

Vendor

Oracle

Product

Java SE

EPSS

99.7th percentile (score 0.914, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2012-5076

CISA short description

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.