CVE-2018-2794

Published: Apr 19, 2018Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 6.0

Source: NVD

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Affected (29)

Products: Oracle: Jdk, Jre, Jrockit · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation, Satellite · Debian: Debian Linux · +3 more

Show all products

3 products

7 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

1 product

1 product

1 product

Struxureware Data Center Expert

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.6.0 update181
Oracle Jdk	Version 1.7.0 update171
Oracle Jdk	Version 1.8.0 update162
Oracle Jdk	Version 10
Oracle Jre	Version 1.6.0 update181
Oracle Jre	Version 1.7.0 update171
Oracle Jre	Version 1.8.0 update162
Oracle Jre	Version 10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Jrockit	Version r28.3.17

Configuration C

13 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Satellite	Version 5.6
Redhat Satellite	Version 5.7
Redhat Satellite	Version 5.8

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Hp Xp7 Command View	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Struxureware Data Center Expert	Before 7.6.0

References (56)

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103817

Source: secalert_us@oracle.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040697

Source: secalert_us@oracle.com

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:1188

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1191

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1201

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1202

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1203

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1204

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1205

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1206

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1270

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1278

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1721

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1722

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1723

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1724

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1974

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1975

Source: secalert_us@oracle.com

Third Party Advisory

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Source: secalert_us@oracle.com

Third Party Advisory

https://security.gentoo.org/glsa/201903-14

Source: secalert_us@oracle.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180419-0001/

Source: secalert_us@oracle.com

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us

Source: secalert_us@oracle.com

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us

Source: secalert_us@oracle.com

Third Party Advisory

https://usn.ubuntu.com/3644-1/

Source: secalert_us@oracle.com

Third Party Advisory

https://usn.ubuntu.com/3691-1/

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4185

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4225

Source: secalert_us@oracle.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html