ByteOS Network

NVD Vulnerability Details :

CVE-2018-2811

Analyzed

Source-secalert_us@oracle.com

Published At-19 Apr, 2018 | 02:29

Updated At-22 Nov, 2023 | 19:40

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.7	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary	2.0	3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 3.7

Base severity: LOW

Vector:

AV:L/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

Oracle Corporation

>>jdk>>1.8.0

cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jdk>>10

cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*

Oracle Corporation

>>jre>>1.8.0

cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*

Oracle Corporation

>>jre>>10

cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Schneider Electric SE

>>struxureware_data_center_expert>>Versions before 7.6.0(exclusive)

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	secalert_us@oracle.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/103810	secalert_us@oracle.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040697	secalert_us@oracle.com	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1202	secalert_us@oracle.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204	secalert_us@oracle.com	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	secalert_us@oracle.com	Third Party Advisory
https://security.gentoo.org/glsa/201903-14	secalert_us@oracle.com	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/	secalert_us@oracle.com	Third Party Advisory