Linux Distros Unpatched Vulnerability : CVE-2018-3180

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Linux packages have unpatched vulnerability CVE-2018-3180 affecting Oracle Java SE components.

Reporter	Title	Published	Views	Family All 386
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager (CVE-2018-3180, CVE-2018-3139)	15 Jan 201911:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2018-3139, CVE-2018-3180, CVE-2018-12457, CVE-2019-2426)	2 Apr 201920:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547)	19 Apr 201901:15	–	ibm
IBM Security Bulletins	Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition	4 Feb 201906:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA	30 Apr 201904:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Java affect the IBM FlashSystem models V840 and V9000	28 Jun 201916:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products	12 Apr 201907:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway	30 Apr 201913:30	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been idenfied in IBM SDK which affects IBM Db2 Query Management Facility for z/OS	12 Jun 201905:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2018-3180)	1 Jun 202213:26	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/cve-2018-3180
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(221870);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/20");

  script_cve_id("CVE-2018-3180");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2018-3180");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE).
    Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181;
    JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access
    via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can
    result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit
    accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit
    accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,
    Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients
    running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run
    untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This
    vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service
    which supplies data to the APIs. (CVE-2018-3180)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-3180");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3180");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-6");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-6": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "6",
        "pkgs": [
          {"reference": "java-1.6.0-ibm"},
          {"reference": "java-1.6.0-ibm-demo"},
          {"reference": "java-1.6.0-ibm-devel"},
          {"reference": "java-1.6.0-ibm-javacomm"},
          {"reference": "java-1.6.0-ibm-jdbc"},
          {"reference": "java-1.6.0-ibm-plugin"},
          {"reference": "java-1.6.0-ibm-src"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

20 Aug 2025 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.6

CVSS 26.8

EPSS0.00124

SSVC