CVE-2009-2711

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

Published: 2009-08-07 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2009-2711 is rated Low Risk (30.7/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.39%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2009-2711

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.06% 0.39% +0.33%
2 2023-03-07 1.03% 0.06% -0.97%
3 2022-02-04 1.03%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-2711

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.9 2.0 MEDIUM
AV:L/AC:L/Au:N/C:C/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 3.9 6.9 [email protected]

Weakness enumeration for CVE-2009-2711

Affected software / configurations for CVE-2009-2711

Vendor Product Version Raw CPE
sun opensolaris snv_01 cpe:2.3:o:sun:opensolaris:snv_01:*:x86:*:*:*:*:*
sun opensolaris snv_02 cpe:2.3:o:sun:opensolaris:snv_02:*:x86:*:*:*:*:*
sun opensolaris snv_03 cpe:2.3:o:sun:opensolaris:snv_03:*:x86:*:*:*:*:*
sun opensolaris snv_04 cpe:2.3:o:sun:opensolaris:snv_04:*:x86:*:*:*:*:*
sun opensolaris snv_05 cpe:2.3:o:sun:opensolaris:snv_05:*:x86:*:*:*:*:*
sun opensolaris snv_06 cpe:2.3:o:sun:opensolaris:snv_06:*:x86:*:*:*:*:*
sun opensolaris snv_07 cpe:2.3:o:sun:opensolaris:snv_07:*:x86:*:*:*:*:*
sun opensolaris snv_08 cpe:2.3:o:sun:opensolaris:snv_08:*:x86:*:*:*:*:*
sun opensolaris snv_09 cpe:2.3:o:sun:opensolaris:snv_09:*:x86:*:*:*:*:*
sun opensolaris snv_10 cpe:2.3:o:sun:opensolaris:snv_10:*:x86:*:*:*:*:*
sun opensolaris snv_11 cpe:2.3:o:sun:opensolaris:snv_11:*:x86:*:*:*:*:*
sun opensolaris snv_12 cpe:2.3:o:sun:opensolaris:snv_12:*:x86:*:*:*:*:*
sun opensolaris snv_13 cpe:2.3:o:sun:opensolaris:snv_13:*:x86:*:*:*:*:*
sun opensolaris snv_14 cpe:2.3:o:sun:opensolaris:snv_14:*:x86:*:*:*:*:*
sun opensolaris snv_15 cpe:2.3:o:sun:opensolaris:snv_15:*:x86:*:*:*:*:*
sun opensolaris snv_16 cpe:2.3:o:sun:opensolaris:snv_16:*:x86:*:*:*:*:*
sun opensolaris snv_17 cpe:2.3:o:sun:opensolaris:snv_17:*:x86:*:*:*:*:*
sun opensolaris snv_18 cpe:2.3:o:sun:opensolaris:snv_18:*:x86:*:*:*:*:*
sun opensolaris snv_19 cpe:2.3:o:sun:opensolaris:snv_19:*:x86:*:*:*:*:*
sun opensolaris snv_20 cpe:2.3:o:sun:opensolaris:snv_20:*:x86:*:*:*:*:*
sun opensolaris snv_21 cpe:2.3:o:sun:opensolaris:snv_21:*:x86:*:*:*:*:*
sun opensolaris snv_22 cpe:2.3:o:sun:opensolaris:snv_22:*:x86:*:*:*:*:*
sun opensolaris snv_23 cpe:2.3:o:sun:opensolaris:snv_23:*:x86:*:*:*:*:*
sun opensolaris snv_24 cpe:2.3:o:sun:opensolaris:snv_24:*:x86:*:*:*:*:*
sun opensolaris snv_25 cpe:2.3:o:sun:opensolaris:snv_25:*:x86:*:*:*:*:*
sun opensolaris snv_26 cpe:2.3:o:sun:opensolaris:snv_26:*:x86:*:*:*:*:*
sun opensolaris snv_27 cpe:2.3:o:sun:opensolaris:snv_27:*:x86:*:*:*:*:*
sun opensolaris snv_28 cpe:2.3:o:sun:opensolaris:snv_28:*:x86:*:*:*:*:*
sun opensolaris snv_29 cpe:2.3:o:sun:opensolaris:snv_29:*:x86:*:*:*:*:*
sun opensolaris snv_30 cpe:2.3:o:sun:opensolaris:snv_30:*:x86:*:*:*:*:*
sun opensolaris snv_31 cpe:2.3:o:sun:opensolaris:snv_31:*:x86:*:*:*:*:*
sun opensolaris snv_32 cpe:2.3:o:sun:opensolaris:snv_32:*:x86:*:*:*:*:*
sun opensolaris snv_33 cpe:2.3:o:sun:opensolaris:snv_33:*:x86:*:*:*:*:*
sun opensolaris snv_34 cpe:2.3:o:sun:opensolaris:snv_34:*:x86:*:*:*:*:*
sun opensolaris snv_35 cpe:2.3:o:sun:opensolaris:snv_35:*:x86:*:*:*:*:*
sun opensolaris snv_36 cpe:2.3:o:sun:opensolaris:snv_36:*:x86:*:*:*:*:*
sun opensolaris snv_37 cpe:2.3:o:sun:opensolaris:snv_37:*:x86:*:*:*:*:*
sun opensolaris snv_38 cpe:2.3:o:sun:opensolaris:snv_38:*:x86:*:*:*:*:*
sun opensolaris snv_39 cpe:2.3:o:sun:opensolaris:snv_39:*:x86:*:*:*:*:*
sun opensolaris snv_40 cpe:2.3:o:sun:opensolaris:snv_40:*:x86:*:*:*:*:*
sun opensolaris snv_41 cpe:2.3:o:sun:opensolaris:snv_41:*:x86:*:*:*:*:*
sun opensolaris snv_42 cpe:2.3:o:sun:opensolaris:snv_42:*:x86:*:*:*:*:*
sun opensolaris snv_43 cpe:2.3:o:sun:opensolaris:snv_43:*:x86:*:*:*:*:*
sun opensolaris snv_44 cpe:2.3:o:sun:opensolaris:snv_44:*:x86:*:*:*:*:*
sun opensolaris snv_45 cpe:2.3:o:sun:opensolaris:snv_45:*:x86:*:*:*:*:*
sun opensolaris snv_46 cpe:2.3:o:sun:opensolaris:snv_46:*:x86:*:*:*:*:*
sun opensolaris snv_47 cpe:2.3:o:sun:opensolaris:snv_47:*:x86:*:*:*:*:*
sun opensolaris snv_48 cpe:2.3:o:sun:opensolaris:snv_48:*:x86:*:*:*:*:*
sun opensolaris snv_49 cpe:2.3:o:sun:opensolaris:snv_49:*:x86:*:*:*:*:*
sun opensolaris snv_50 cpe:2.3:o:sun:opensolaris:snv_50:*:x86:*:*:*:*:*
sun opensolaris snv_51 cpe:2.3:o:sun:opensolaris:snv_51:*:x86:*:*:*:*:*
sun opensolaris snv_52 cpe:2.3:o:sun:opensolaris:snv_52:*:x86:*:*:*:*:*
sun opensolaris snv_53 cpe:2.3:o:sun:opensolaris:snv_53:*:x86:*:*:*:*:*
sun opensolaris snv_54 cpe:2.3:o:sun:opensolaris:snv_54:*:x86:*:*:*:*:*
sun opensolaris snv_55 cpe:2.3:o:sun:opensolaris:snv_55:*:x86:*:*:*:*:*
sun opensolaris snv_56 cpe:2.3:o:sun:opensolaris:snv_56:*:x86:*:*:*:*:*
sun opensolaris snv_57 cpe:2.3:o:sun:opensolaris:snv_57:*:x86:*:*:*:*:*
sun opensolaris snv_58 cpe:2.3:o:sun:opensolaris:snv_58:*:x86:*:*:*:*:*
sun opensolaris snv_59 cpe:2.3:o:sun:opensolaris:snv_59:*:x86:*:*:*:*:*
sun opensolaris snv_60 cpe:2.3:o:sun:opensolaris:snv_60:*:x86:*:*:*:*:*
sun opensolaris snv_61 cpe:2.3:o:sun:opensolaris:snv_61:*:x86:*:*:*:*:*
sun opensolaris snv_62 cpe:2.3:o:sun:opensolaris:snv_62:*:x86:*:*:*:*:*
sun opensolaris snv_63 cpe:2.3:o:sun:opensolaris:snv_63:*:x86:*:*:*:*:*
sun opensolaris snv_64 cpe:2.3:o:sun:opensolaris:snv_64:*:x86:*:*:*:*:*
sun opensolaris snv_65 cpe:2.3:o:sun:opensolaris:snv_65:*:x86:*:*:*:*:*
sun opensolaris snv_66 cpe:2.3:o:sun:opensolaris:snv_66:*:x86:*:*:*:*:*
sun opensolaris snv_67 cpe:2.3:o:sun:opensolaris:snv_67:*:x86:*:*:*:*:*
sun opensolaris snv_68 cpe:2.3:o:sun:opensolaris:snv_68:*:x86:*:*:*:*:*
sun opensolaris snv_69 cpe:2.3:o:sun:opensolaris:snv_69:*:x86:*:*:*:*:*
sun opensolaris snv_70 cpe:2.3:o:sun:opensolaris:snv_70:*:x86:*:*:*:*:*
sun opensolaris snv_71 cpe:2.3:o:sun:opensolaris:snv_71:*:x86:*:*:*:*:*
sun opensolaris snv_72 cpe:2.3:o:sun:opensolaris:snv_72:*:x86:*:*:*:*:*
sun opensolaris snv_73 cpe:2.3:o:sun:opensolaris:snv_73:*:x86:*:*:*:*:*
sun opensolaris snv_74 cpe:2.3:o:sun:opensolaris:snv_74:*:x86:*:*:*:*:*
sun opensolaris snv_75 cpe:2.3:o:sun:opensolaris:snv_75:*:x86:*:*:*:*:*
sun opensolaris snv_76 cpe:2.3:o:sun:opensolaris:snv_76:*:x86:*:*:*:*:*
sun opensolaris snv_77 cpe:2.3:o:sun:opensolaris:snv_77:*:x86:*:*:*:*:*
sun opensolaris snv_78 cpe:2.3:o:sun:opensolaris:snv_78:*:x86:*:*:*:*:*
sun opensolaris snv_79 cpe:2.3:o:sun:opensolaris:snv_79:*:x86:*:*:*:*:*
sun opensolaris snv_80 cpe:2.3:o:sun:opensolaris:snv_80:*:x86:*:*:*:*:*

References for CVE-2009-2711

cvelogic Threat Intelligence