PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-8328 Oracle CVE debrief

CVE-2016-8328 affects Oracle Java SE 8u112 and is tied to Java Mission Control installation. NVD rates it Low (CVSS 3.7) and describes a network-reachable issue that does not require authentication, but is difficult to exploit and is limited to integrity impact.

Vendor: Oracle
Product: CVE-2016-8328
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Oracle Java SE administrators, especially teams managing JDK/JRE 1.8 update 112 and any systems with Java Mission Control installed, should review exposure. Security teams should also check any environment where Java components are reachable over the network.

Technical summary

NVD lists vulnerable CPEs for Oracle JDK 1.8 update 112 and Oracle JRE 1.8 update 112. The CVSS v3.0 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating unauthenticated network access with high exploit complexity and limited integrity impact. The record notes that the issue applies to Java Mission Control Installation and that exploitation may involve multiple protocols.

Defensive priority

Low for most environments, but patch during the next maintenance cycle; raise priority if Java Mission Control is installed on exposed or high-value systems.

Recommended defensive actions

  • Confirm whether Oracle Java SE 8u112 JDK/JRE or Java Mission Control is installed anywhere in the environment.
  • Apply Oracle's January 2017 CPU or later supported updates referenced by the vendor and NVD records.
  • Restrict network access to Java Mission Control and related Java management services to trusted hosts only.
  • Remove or disable Java Mission Control where it is not required.
  • Inventory and track additional Java deployments so that JDK/JRE 1.8 update 112 instances are not missed.
  • Monitor for unexpected integrity changes in Java SE-accessible data on systems that cannot be patched immediately.
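
One way to carry out the first and fifth actions on a host, as an added example that is not part of the original debrief or any Oracle tooling: it walks directory roots, reads each Java home's `release` file, and reports homes on 1.8.0_112 or carrying a Java Mission Control launcher. Assumptions: the `JAVA_VERSION` key in `release`, the `bin/jmc` / `bin/jmc.exe` launcher location, and the constructed sample tree used for testing.

```python
import re
import sys
from pathlib import Path

# Affected build per the NVD CPEs cited above: JDK/JRE 1.8 update 112.
AFFECTED = (1, 8, 0, 112)

def java_version(release_text):
    """Parse JAVA_VERSION="1.8.0_112" from a Java home's `release` file."""
    m = re.search(r'^JAVA_VERSION="?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?',
                  release_text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit_java_home(home):
    """Report version and JMC launcher presence for one Java home, or None."""
    home = Path(home)
    release = home / "release"
    if not release.is_file():
        return None
    version = java_version(release.read_text(errors="replace"))
    # Assumption: JMC ships as bin/jmc (bin/jmc.exe on Windows) inside the JDK.
    jmc = any((home / "bin" / n).is_file() for n in ("jmc", "jmc.exe"))
    return {"home": str(home), "version": version,
            "affected": version == AFFECTED, "jmc": jmc}

def scan(roots):
    """Walk each root and return Java homes on 8u112 or carrying JMC."""
    hits = []
    for root in roots:
        for release in sorted(Path(root).rglob("release")):
            info = audit_java_home(release.parent)
            if info and (info["affected"] or info["jmc"]):
                hits.append(info)
    return hits

def build_sample_tree(base):
    """Constructed test layout: one 8u112 JDK with JMC, one later JRE."""
    for name, ver, with_jmc in (("jdk1.8.0_112", "1.8.0_112", True),
                                ("jre1.8.0_121", "1.8.0_121", False)):
        home = Path(base) / name
        (home / "bin").mkdir(parents=True)
        (home / "release").write_text(f'JAVA_VERSION="{ver}"\nOS_NAME="Linux"\n')
        if with_jmc:
            (home / "bin" / "jmc").write_text("#!/bin/sh\n")

if __name__ == "__main__":
    # Usage: python java_8u112_audit.py /usr/lib/jvm /opt
    for hit in scan(sys.argv[1:]):
        print(hit)
```

A Java 8 `release` file does not name the vendor, so a version match still needs confirmation that the build is Oracle's before it is counted as affected.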

Evidence notes

The NVD record for CVE-2016-8328 was published on 2017-01-27 and modified on 2026-05-13. NVD metadata identifies Oracle Java SE 8u112 JDK/JRE as the affected product scope, includes the CVSS 3.0 vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, and states that the issue applies to Java Mission Control installation with unauthorized update, insert, or delete access to some Java SE-accessible data. Reference links in the source corpus include the official CVE record, the NVD detail page, and Oracle's January 2017 CPU advisory reference.

Official resources

Publicly disclosed on 2017-01-27. This debrief uses the CVE publication date for timing context and notes the NVD modification date of 2026-05-13 separately.