Design/Logic Flaw

2018-04-1902:29:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.10
debian_linuxeq8.0
debian_linuxeq9.0
jdkeq1.8.0 update162
jdkeq1.7.0 update171
jdkeq1.6.0 update181
jdkeq10
jreeq1.6.0 update181

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.10
debian_linux	eq	8.0
debian_linux	eq	9.0
jdk	eq	1.8.0 update162
jdk	eq	1.7.0 update171
jdk	eq	1.6.0 update181
jdk	eq	10
jre	eq	1.6.0 update181