CVE-2018-2627

EPSS 0.51%
Published 18.01.2018 02:29:20
Last modified 06.05.2025 15:15:55
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

Affected products Warnungen 0 Metrics 4 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.8.0 Updateupdate152

Oracle ≫ Jdk Version9.0.1

Oracle ≫ Jre Version1.8.0 Updateupdate152

Oracle ≫ Jre Version9.0.1

Redhat ≫ Satellite Version5.8

Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ Cloud Backup Version-

Netapp ≫ E-series Santricity Management Plug-ins Version-

Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.70.1

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Web Services Version- SwPlatformweb_services_proxy

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Shift Version-

Netapp ≫ Oncommand Unified Manager Version- SwPlatform7-mode

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Plug-in For Symantec Netbackup Version-

Netapp ≫ Santricity Cloud Connector Version-

Netapp ≫ Snapmanager Version- SwPlatformoracle

Netapp ≫ Snapmanager Version- SwPlatformsap

Netapp ≫ Storage Replication Adapter For Clustered Data Ontap SwPlatformvmware_vsphere Version >= 7.2

Netapp ≫ Storage Replication Adapter For Clustered Data Ontap SwPlatformwindows Version >= 7.2

Netapp ≫ Storagegrid Version <= 9.0.4

Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 7.2

Netapp ≫ Vasa Provider For Clustered Data Ontap Version6.0

Netapp ≫ Virtual Storage Console SwPlatformvmware_vsphere Version >= 7.2

Netapp ≫ Virtual Storage Console Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.655

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	3.7	1.9	6.4	AV:L/AC:H/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H