Lucene search

[email protected]CVE-2018-2637

HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2637

2018-01-1802:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

135

cve-2018-2637

oracle

java se

java se embedded

jrockit

vulnerability

security

nvd

cve-2018-2637

data breach

exploit

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

VendorProductVersionCPE
oraclejava_se*cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	java_se	*	cpe:2.3:a:oracle:java_se::::::::

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.securityfocus.com/bid/102576

www.securitytracker.com/id/1040203

access.redhat.com/errata/RHSA-2018:0095

access.redhat.com/errata/RHSA-2018:0099

access.redhat.com/errata/RHSA-2018:0100

access.redhat.com/errata/RHSA-2018:0115

access.redhat.com/errata/RHSA-2018:0349

access.redhat.com/errata/RHSA-2018:0351

access.redhat.com/errata/RHSA-2018:0352

access.redhat.com/errata/RHSA-2018:0458

access.redhat.com/errata/RHSA-2018:0521

access.redhat.com/errata/RHSA-2018:1463

access.redhat.com/errata/RHSA-2018:1812

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/04/msg00003.html

security.netapp.com/advisory/ntap-20180117-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us

usn.ubuntu.com/3613-1/

usn.ubuntu.com/3614-1/

www.debian.org/security/2018/dsa-4144

www.debian.org/security/2018/dsa-4166

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2018-2637

redhatcve1 ubuntucve1 veracode2 debiancve1 ibm59 prion1 nessus51 photon3 openvas18 suse9 osv3 amazon3 ubuntu2 oraclelinux2 debian3 redhat11 centos2 mageia1 gentoo1 aix1 kaspersky1 oracle1