Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-2629
HistoryJan 17, 2018 - 12:00 a.m.

CVE-2018-2629

2018-01-1700:00:00
ubuntu.com
ubuntu.com
3

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.1%

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
Java SE (subcomponent: JGSS). Supported versions that are affected are Java
SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
R28.3.16. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Java SE,
Java SE Embedded, JRockit. Successful attacks require human interaction
from a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification
access to critical data or all Java SE, Java SE Embedded, JRockit
accessible data. Note: This vulnerability applies to client and server
deployment of Java. This vulnerability can be exploited through sandboxed
Java Web Start applications and sandboxed Java applets. It can also be
exploited by supplying data to APIs in the specified Component without
using sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchopenjdk-7< 7u171-2.6.13-0ubuntu0.14.04.2UNKNOWN
ubuntu17.10noarchopenjdk-8< 8u162-b12-0ubuntu0.17.10.2UNKNOWN
ubuntu16.04noarchopenjdk-8< 8u162-b12-0ubuntu0.16.04.2UNKNOWN

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.1%

Related for UB:CVE-2018-2629