ByteOS Network

NVD Vulnerability Details :

CVE-2018-2794

Analyzed

Source-secalert_us@oracle.com

Published At-19 Apr, 2018 | 02:29

Updated At-22 Nov, 2023 | 19:30

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.7	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary	2.0	3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 3.7

Base severity: LOW

Vector:

AV:L/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

Oracle Corporation

>>jdk>>1.6.0

cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.7.0

cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.8.0

cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jdk>>10

cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.6.0

cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.7.0

cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.8.0

cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jre>>10

cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*

Oracle Corporation

>>jrockit>>r28.3.17

cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.6

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.7

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.8

cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

HP Inc.

>>xp7_command_view>>*

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

Schneider Electric SE

>>struxureware_data_center_expert>>Versions before 7.6.0(exclusive)

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	secalert_us@oracle.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/103817	secalert_us@oracle.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040697	secalert_us@oracle.com	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1188	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1191	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1201	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1202	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1203	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1205	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1206	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1270	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1278	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1721	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1722	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1723	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1724	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1974	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1975	secalert_us@oracle.com	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	secalert_us@oracle.com	Third Party Advisory
https://security.gentoo.org/glsa/201903-14	secalert_us@oracle.com	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/	secalert_us@oracle.com	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	secalert_us@oracle.com	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	secalert_us@oracle.com	Third Party Advisory
https://usn.ubuntu.com/3644-1/	secalert_us@oracle.com	Third Party Advisory
https://usn.ubuntu.com/3691-1/	secalert_us@oracle.com	Third Party Advisory
https://www.debian.org/security/2018/dsa-4185	secalert_us@oracle.com	Third Party Advisory
https://www.debian.org/security/2018/dsa-4225	secalert_us@oracle.com	Third Party Advisory