8.3

CVE-2018-2633

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJdk Version1.6.0 Updateupdate171
OracleJdk Version1.7.0 Updateupdate161
OracleJdk Version1.8.0 Updateupdate152
OracleJdk Version9.0.1
OracleJre Version1.6.0 Updateupdate171
OracleJre Version1.7.0 Updateupdate161
OracleJre Version1.8.0 Updateupdate152
OracleJre Version9.0.1
OracleJrockit Versionr28.3.16
RedhatSatellite Version5.6
RedhatSatellite Version5.7
RedhatSatellite Version5.8
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
HpXp Command View SwEditionadvanced Version >= 8.6.2-01
HpXp P9000 Command View SwEditionadvanced Version >= 8.6.2-01
HpXp7 Command View SwEditionadvanced Version >= 8.6.2-01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.65% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.3 1.6 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Vendor Advisory
http://www.securitytracker.com/id/1040203
Third Party Advisory
Broken Link
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0095
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0099
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0100
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0115
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0349
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0351
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0352
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0458
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0521
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1463
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1812
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20180117-0001/
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us
Third Party Advisory
https://usn.ubuntu.com/3613-1/
Third Party Advisory
https://usn.ubuntu.com/3614-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4144
Third Party Advisory
https://www.debian.org/security/2018/dsa-4166
Third Party Advisory
http://www.securityfocus.com/bid/102557
Third Party Advisory
Broken Link
VDB Entry