Lucene search

[email protected]CVE-2018-2588

HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2588

2018-01-1802:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

128

cve-2018-2588

oracle

java se

java se embedded

jrockit

ldap

vulnerability

network access

cvss 3.0

confidentiality impacts

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

VendorProductVersionCPE
oraclejava_se*cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	java_se	*	cpe:2.3:a:oracle:java_se::::::::

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.securityfocus.com/bid/102661

www.securitytracker.com/id/1040203

access.redhat.com/errata/RHSA-2018:0095

access.redhat.com/errata/RHSA-2018:0099

access.redhat.com/errata/RHSA-2018:0100

access.redhat.com/errata/RHSA-2018:0115

access.redhat.com/errata/RHSA-2018:0349

access.redhat.com/errata/RHSA-2018:0351

access.redhat.com/errata/RHSA-2018:0352

access.redhat.com/errata/RHSA-2018:0458

access.redhat.com/errata/RHSA-2018:0521

access.redhat.com/errata/RHSA-2018:1463

access.redhat.com/errata/RHSA-2018:1812

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/04/msg00003.html

security.netapp.com/advisory/ntap-20180117-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us

usn.ubuntu.com/3613-1/

usn.ubuntu.com/3614-1/

www.debian.org/security/2018/dsa-4144

www.debian.org/security/2018/dsa-4166

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2018-2588

debiancve1 prion1 veracode2 redhatcve1 ubuntucve1 ibm47 nessus49 openvas26 redhat11 debian3 centos2 osv3 oraclelinux2 suse9 amazon3 ubuntu2 mageia1 gentoo1 aix1 kaspersky1 photon2 oracle1