Critical severity9.0NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-10102

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected products

NetApp/Active Iq Unified Manager2 versions
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*range: >=9.5
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*range: >=7.3
NetApp/Cloud Backup
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp/Element Software
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp/E Series Santricity Os Controller
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Range: >=11.0,<=11.70.1
NetApp/E Series Santricity Storage Manager
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
NetApp/Oncommand Balance
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp/Oncommand Insight
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp/Oncommand Performance Manager
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp/Oncommand Shift
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp/Oncommand Unified Manager3 versions
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*+ 2 more
- cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*range: <=7.1
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*range: <=7.1
NetApp/Plug In For Symantec Netbackup
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp/Snapmanager2 versions
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp/Steelstore Cloud Integrated Storage
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
NetApp/Storage Replication Adapter For Clustered Data Ontap2 versions
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*range: >=7.2
NetApp/Vasa Provider For Clustered Data Ontap2 versions
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*range: >=7.2
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
NetApp/Virtual Storage Console2 versions
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
Oracle Corporation/Jdk3 versions
cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
Oracle Corporation/Jre3 versions
cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
Phoenixcontact/Fl Mguard Dm
cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*
Range: <=1.8.0
Red Hat/Satellite
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus5 versions
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Oracle Corporation/Javav5
Range: Java SE: 6u151

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdPatchVendor Advisory
www.debian.org/security/2017/dsa-3919nvdThird Party Advisory
www.debian.org/security/2017/dsa-3954nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1789nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1790nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1791nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1792nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2424nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2469nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2481nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2530nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:3453nvdThird Party Advisory
cert.vde.com/en-us/advisories/vde-2017-002nvdThird Party Advisory
security.gentoo.org/glsa/201709-22nvdThird Party Advisory
security.netapp.com/advisory/ntap-20170720-0001/nvdThird Party Advisory
www.securityfocus.com/bid/99712nvdBroken Link
www.securitytracker.com/id/1038931nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000