Lucene search

[email protected]CVE-2017-10125

HistoryAug 08, 2017 - 3:29 p.m.

CVE-2017-10125

2017-08-0815:29:04

[email protected]

web.nvd.nist.gov

oracle java

cve-2017-10125

java se

deployment

vulnerability

security

nvd

cvss 3.0

java auto update

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected configurations

NVD

Node

oraclejdkMatch1.7.0update141

oraclejdkMatch1.8.0update131

oraclejreMatch1.7.0update141

oraclejreMatch1.8.0update131

Node

netappactive_iq_unified_managerRange7.3≥windows

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappcloud_backupMatch-

netappe-series_santricity_os_controllerRange11.0–11.70.1

netappe-series_santricity_storage_managerMatch-

netappelement_softwareMatch-

netapponcommand_balanceMatch-

netapponcommand_insightMatch-

netapponcommand_performance_managerMatch-vmware_vsphere

netapponcommand_shiftMatch-

netapponcommand_unified_managerRange≤7.1vsphere

netapponcommand_unified_managerRange≤7.1windows

netapponcommand_unified_managerMatch-7-mode

netappplug-in_for_symantec_netbackupMatch-

netappsnapmanagerMatch-oracle

netappsnapmanagerMatch-sap

netappsteelstore_cloud_integrated_storageMatch-

netappstorage_replication_adapter_for_clustered_data_ontapRange7.2≥windows

netappstorage_replication_adapter_for_clustered_data_ontapMatch9.6vmware_vsphere

netappvasa_provider_for_clustered_data_ontapRange7.2≥

netappvasa_provider_for_clustered_data_ontapMatch6.0

netappvirtual_storage_consoleRange7.2≥vmware_vsphere

netappvirtual_storage_consoleMatch6.0vmware_vsphere

CPENameOperatorVersion
oracle:jdkoracle jdkeq1.7.0
oracle:jdkoracle jdkeq1.8.0
oracle:jreoracle jreeq1.7.0
oracle:jreoracle jreeq1.8.0

CPE	Name	Operator	Version
oracle:jdk	oracle jdk	eq	1.7.0
oracle:jdk	oracle jdk	eq	1.8.0
oracle:jre	oracle jre	eq	1.7.0
oracle:jre	oracle jre	eq	1.8.0

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u141"
      },
      {
        "status": "affected",
        "version": "8u131"
      }
    ]
  }
]