8.3

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Data is provided by the National Vulnerability Database (NVD)
OracleJdk Version1.6.0 Updateupdate201
OracleJdk Version1.7.0 Updateupdate191
OracleJdk Version1.8.0 Updateupdate181
OracleJdk Version11.0.0
OracleJre Version1.6.0 Updateupdate201
OracleJre Version1.7.0 Updateupdate191
OracleJre Version1.8.0 Updateupdate181
OracleJre Version11.0.0
OracleJrockit Versionr28.3.19
RedhatSatellite Version5.6
RedhatSatellite Version5.7
RedhatSatellite Version5.8
RedhatEnterprise Linux Eus Version7.6
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
HpXp7 Command View SwEditionadvanced Version < 8.6.3-00
HpXp7 Command View Version8.6.4-00 SwEditionadvanced
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.332
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.3 1.6 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
http://www.securitytracker.com/id/1041889
Third Party Advisory
Broken Link
VDB Entry
https://usn.ubuntu.com/3804-1/
Third Party Advisory
https://usn.ubuntu.com/3824-1/
Third Party Advisory
http://www.securityfocus.com/bid/105608
Third Party Advisory
Broken Link
VDB Entry