Lucene search

[email protected]NVD:CVE-2017-10102

HistoryAug 08, 2017 - 3:29 p.m.

CVE-2017-10102

2017-08-0815:29:03

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

56.3%

JSON

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected configurations

Nvd

Node

oraclejdkMatch1.6.0update151

oraclejdkMatch1.7.0update141

oraclejdkMatch1.8.0update131

oraclejreMatch1.6.0update151

oraclejreMatch1.7.0update141

oraclejreMatch1.8.0update131

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

phoenixcontactfl_mguard_dmRange≤1.8.0

Node

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappcloud_backupMatch-

netappe-series_santricity_os_controllerRange11.0–11.70.1

netappe-series_santricity_storage_managerMatch-

netappelement_softwareMatch-

netapponcommand_balanceMatch-

netapponcommand_insightMatch-

netapponcommand_performance_managerMatch-vmware_vsphere

netapponcommand_shiftMatch-

netapponcommand_unified_managerRange≤7.1vsphere

netapponcommand_unified_managerRange≤7.1windows

netapponcommand_unified_managerMatch-7-mode

netappplug-in_for_symantec_netbackupMatch-

netappsnapmanagerMatch-oracle

netappsnapmanagerMatch-sap

netappsteelstore_cloud_integrated_storageMatch-

netappstorage_replication_adapter_for_clustered_data_ontapRange7.2≥windows

netappstorage_replication_adapter_for_clustered_data_ontapMatch9.6

netappvasa_provider_for_clustered_data_ontapRange7.2≥

netappvasa_provider_for_clustered_data_ontapMatch6.0

netappvirtual_storage_consoleRange7.2≥vmware_vsphere

netappvirtual_storage_consoleMatch6.0vmware_vsphere

Node

redhatsatelliteMatch5.8

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.4

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

References

www.debian.org/security/2017/dsa-3919

www.debian.org/security/2017/dsa-3954

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.securityfocus.com/bid/99712

www.securitytracker.com/id/1038931

access.redhat.com/errata/RHSA-2017:1789

access.redhat.com/errata/RHSA-2017:1790

access.redhat.com/errata/RHSA-2017:1791

access.redhat.com/errata/RHSA-2017:1792

access.redhat.com/errata/RHSA-2017:2424

access.redhat.com/errata/RHSA-2017:2469

access.redhat.com/errata/RHSA-2017:2481

access.redhat.com/errata/RHSA-2017:2530

access.redhat.com/errata/RHSA-2017:3453

cert.vde.com/en-us/advisories/vde-2017-002

security.gentoo.org/glsa/201709-22

security.netapp.com/advisory/ntap-20170720-0001/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

56.3%

JSON

Related for NVD:CVE-2017-10102

f51 prion1 ubuntucve1 cve1 veracode1 debiancve1 cvelist1 ibm55 ics1 nessus48 redhat9 amazon2 centos2 oraclelinux2 openvas24 suse6 ubuntu3 aix1 osv3 debian3 mageia1 archlinux1 kaspersky1 gentoo1 photon1 oracle1