CVE-2018-2972

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Score percentile: 70%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 10.0.1 |
| oracle | jre | 10.0.1 |

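Ubuntu Releases

| Ubuntu Product | Codename | Status | Fixed version |
|---|---|---|---|
| openjdk-lts | artful | dne | |
| openjdk-lts | bionic | released | 10.0.2+13-1ubuntu0.18.04.1 |
| openjdk-lts | trusty | dne | |
| openjdk-lts | xenial | dne | |
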
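openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| java-10-openjdk | suse enterprise desktop 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk | suse enterprise sap 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk | suse enterprise sap 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk | suse enterprise server 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk | suse enterprise server 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-demo | suse enterprise desktop 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-demo | suse enterprise sap 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-demo | suse enterprise sap 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-demo | suse enterprise server 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-demo | suse enterprise server 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-devel | suse enterprise desktop 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-devel | suse enterprise sap 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-devel | suse enterprise sap 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-devel | suse enterprise server 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-devel | suse enterprise server 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-headless | suse enterprise desktop 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-headless | suse enterprise sap 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-headless | suse enterprise sap 15 SP1 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-headless | suse enterprise server 15 | 10.0.2.0-3.3.3 | fixed |
| java-10-openjdk-headless | suse enterprise server 15 SP1 | 10.0.2.0-3.3.3 | fixed |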