Veracode Vulnerability DatabaseVERACODE:18954Improper Access Control
0.002 Low
EPSS
Percentile
61.6%
Oracle Java SE is vulnerable to improper access control vulnerability. This is because the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions.
References
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.securityfocus.com/bid/102576
www.securitytracker.com/id/1040203
access.redhat.com/errata/RHSA-2018:0095
access.redhat.com/errata/RHSA-2018:0099
access.redhat.com/errata/RHSA-2018:0100
access.redhat.com/errata/RHSA-2018:0115
access.redhat.com/errata/RHSA-2018:0349
access.redhat.com/errata/RHSA-2018:0351
access.redhat.com/errata/RHSA-2018:0352
access.redhat.com/errata/RHSA-2018:0458
access.redhat.com/errata/RHSA-2018:0521
access.redhat.com/errata/RHSA-2018:1463
access.redhat.com/errata/RHSA-2018:1812
access.redhat.com/security/updates/classification/#important
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
lists.debian.org/debian-lts-announce/2018/04/msg00003.html
security.netapp.com/advisory/ntap-20180117-0001/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us
usn.ubuntu.com/3613-1/
usn.ubuntu.com/3614-1/
www.debian.org/security/2018/dsa-4144
www.debian.org/security/2018/dsa-4166
Related
