Lucene search

[email protected]CVE-2018-2618

HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2618

2018-01-1802:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

137

cve-2018-2618

oracle java se

jce

java se

java se embedded

jrockit

vulnerability

network access

unauthorized access

confidentiality impact

data compromise

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.1%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

VendorProductVersionCPE
oraclejava_se*cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	java_se	*	cpe:2.3:a:oracle:java_se::::::::

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.securityfocus.com/bid/102612

www.securitytracker.com/id/1040203

access.redhat.com/errata/RHSA-2018:0095

access.redhat.com/errata/RHSA-2018:0099

access.redhat.com/errata/RHSA-2018:0100

access.redhat.com/errata/RHSA-2018:0115

access.redhat.com/errata/RHSA-2018:0349

access.redhat.com/errata/RHSA-2018:0351

access.redhat.com/errata/RHSA-2018:0352

access.redhat.com/errata/RHSA-2018:0458

access.redhat.com/errata/RHSA-2018:0521

access.redhat.com/errata/RHSA-2018:1463

access.redhat.com/errata/RHSA-2018:1812

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/04/msg00003.html

security.netapp.com/advisory/ntap-20180117-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us

usn.ubuntu.com/3613-1/

usn.ubuntu.com/3614-1/

www.debian.org/security/2018/dsa-4144

www.debian.org/security/2018/dsa-4166

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2018-2618

redhatcve1 prion1 debiancve1 ubuntucve1 ibm50 nessus49 openvas26 redhat11 debian3 centos2 osv3 amazon3 ubuntu2 suse9 oraclelinux2 veracode1 mageia1 gentoo1 aix1 kaspersky1 photon2 oracle1