ByteOS Network

NVD Vulnerability Details :

CVE-2018-2800

Analyzed

Source-secalert_us@oracle.com

Published At-19 Apr, 2018 | 02:29

Updated At-13 May, 2022 | 14:57

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.2	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:N

CPE Matches

Oracle Corporation

>>jdk>>1.6.0

cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.7.0

cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*

Oracle Corporation

>>jdk>>1.8.0

cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.6.0

cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.7.0

cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.8.0

cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jrockit>>r28.3.17

cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.6

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.7

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

Red Hat, Inc.

>>satellite>>5.8

cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>7.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Schneider Electric SE

>>struxureware_data_center_expert>>*

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Schneider Electric SE

>>struxureware_data_center_expert>>Versions before 7.6.0(exclusive)

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

HP Inc.

>>xp7_command_view>>*

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	secalert_us@oracle.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/103849	secalert_us@oracle.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040697	secalert_us@oracle.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1188	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1191	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1201	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1202	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1203	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1205	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1206	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1270	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1278	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1721	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1722	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1723	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1724	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1974	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1975	secalert_us@oracle.com	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	secalert_us@oracle.com	Third Party Advisory
https://security.gentoo.org/glsa/201903-14	secalert_us@oracle.com	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/	secalert_us@oracle.com	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	secalert_us@oracle.com	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	secalert_us@oracle.com	Third Party Advisory
https://usn.ubuntu.com/3644-1/	secalert_us@oracle.com	Third Party Advisory
https://usn.ubuntu.com/3691-1/	secalert_us@oracle.com	Third Party Advisory
https://www.debian.org/security/2018/dsa-4185	secalert_us@oracle.com	Third Party Advisory
https://www.debian.org/security/2018/dsa-4225	secalert_us@oracle.com	Third Party Advisory