Lucene search

K
cveOracleCVE-2017-10115
HistoryAug 08, 2017 - 3:29 p.m.

CVE-2017-10115

2017-08-0815:29:03
oracle
web.nvd.nist.gov
155
cve-2017-10115
vulnerability
java se
java se embedded
jrockit
oracle java
cvss 3.0
unauthorized access
network access
confidentiality impact
data compromise

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

56.0%

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

Nvd
Vulners
Node
oraclejdkMatch1.6.0update151
OR
oraclejdkMatch1.7.0update141
OR
oraclejdkMatch1.8.0update131
OR
oraclejreMatch1.6.0update151
OR
oraclejreMatch1.7.0update141
OR
oraclejreMatch1.8.0update131
OR
oraclejrockitMatchr28.3.14
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
phoenixcontactfl_mguard_dmRange1.8.0
Node
redhatsatelliteMatch5.8
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.3
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappcloud_backupMatch-
OR
netappe-series_santricity_os_controllerRange11.011.70.1
OR
netappe-series_santricity_storage_managerMatch-
OR
netappelement_softwareMatch-
OR
netapponcommand_balanceMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_performance_managerMatch-vmware_vsphere
OR
netapponcommand_shiftMatch-
OR
netapponcommand_unified_managerRange7.1vsphere
OR
netapponcommand_unified_managerRange7.1windows
OR
netapponcommand_unified_managerMatch-7-mode
OR
netappplug-in_for_symantec_netbackupMatch-
OR
netappsnapmanagerMatch-oracle
OR
netappsnapmanagerMatch-sap
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netappstorage_replication_adapter_for_clustered_data_ontapRange7.2windows
OR
netappstorage_replication_adapter_for_clustered_data_ontapMatch9.6vmware_vsphere
OR
netappvasa_provider_for_clustered_data_ontapRange7.2
OR
netappvasa_provider_for_clustered_data_ontapMatch6.0
OR
netappvirtual_storage_consoleRange7.2vmware_vsphere
OR
netappvirtual_storage_consoleMatch6.0vmware_vsphere
VendorProductVersionCPE
oraclejdk1.6.0cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
oraclejre1.6.0cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
oraclejrockitr28.3.14cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
phoenixcontactfl_mguard_dm*cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 521

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 6u151"
      },
      {
        "status": "affected",
        "version": "7u141"
      },
      {
        "status": "affected",
        "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
      }
    ]
  }
]

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

56.0%