Design/Logic Flaw

2018-04-1902:29:00

PRIOn knowledge base

www.prio-n.com

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

40.5%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CPENameOperatorVersion
jdkeq1.8.0 update162
jdkeq10
jreeq1.8.0 update162
jreeq10
enterprise_linux_servereq7.0
enterprise_linux_servereq6.0
enterprise_linux_workstationeq7.0
enterprise_linux_workstationeq6.0
struxureware_data_center_expertlt7.6.0

Name	Operator	Version
jdk	eq	1.8.0 update162
jdk	eq	10
jre	eq	1.8.0 update162
jre	eq	10
enterprise_linux_server	eq	7.0
enterprise_linux_server	eq	6.0
enterprise_linux_workstation	eq	7.0
enterprise_linux_workstation	eq	6.0
struxureware_data_center_expert	lt	7.6.0