CVE-2006-3921 [Medium] | Security Vulnerability in Java System Application Server

CVE-2006-3921 is rated Moderate Risk (44.8/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.09%). EPSS rose +1.12% over the last day, indicating growing attacker interest. Review affected assets and schedule remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.98%	2.09%	+1.12%
2	2025-08-21	0.75%	0.98%	+0.23%
3	2025-03-30	—	0.75%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.98%

2.09%

+1.12%

2025-08-21

0.75%

0.98%

+0.23%

2025-03-30

—

0.75%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.0	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	8.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.0

2.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

8.0

2.9

[email protected]

Affected software / configurations for CVE-2006-3921

References for CVE-2006-3921

URL	Tags
http://secunia.com/advisories/21251
http://secunia.com/advisories/22425
http://securitytracker.com/id?1016596	Patch
http://securitytracker.com/id?1016597	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1	Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
http://www.securityfocus.com/bid/19200	Patch
http://www.vupen.com/english/advisories/2006/3020
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061

URL

CVE-2006-3921

Exploit prediction scoring system (EPSS) score for CVE-2006-3921

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3921

Weakness enumeration for CVE-2006-3921

Affected software / configurations for CVE-2006-3921

References for CVE-2006-3921

Vendor	Product	Version	Raw CPE
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:::::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0::enterprise:::::
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0::platform:::::
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0::standard:::::
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur4::::::
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:::::*
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:::::*
sun	java_system_application_server	7.1	cpe:2.3:a:sun:java_system_application_server:7.1:::::::*
sun	java_system_application_server	8.1	cpe:2.3:a:sun:java_system_application_server:8.1::enterprise:::::
sun	java_system_application_server	8.1	cpe:2.3:a:sun:java_system_application_server:8.1::platform:::::
sun	java_system_application_server	8.1	cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:::::*
sun	java_system_web_server	6.0	cpe:2.3:a:sun:java_system_web_server:6.0:::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp1::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp2::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp3::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp4::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp5::::::