Lucene search

[email protected]CVE-2018-3157

HistoryOct 17, 2018 - 1:31 a.m.

CVE-2018-3157

2018-10-1701:31:18

[email protected]

web.nvd.nist.gov

oracle

java

cve-2018-3157

security

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

NVD

Node

oraclejdkMatch11.0.0

oraclejreMatch11.0.0

CPENameOperatorVersion
oracle:jdkoracle jdkeq11.0.0
oracle:jreoracle jreeq11.0.0

CPE	Name	Operator	Version
oracle:jdk	oracle jdk	eq	11.0.0
oracle:jre	oracle jre	eq	11.0.0

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 11"
      }
    ]
  }
]