High severity7.5NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-10118

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected products

NetApp/Active Iq Unified Manager2 versions
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*range: >=9.5
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*range: >=7.3
NetApp/Cloud Backup
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp/Element Software
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp/E Series Santricity Os Controller
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Range: >=11.0,<=11.70.1
NetApp/E Series Santricity Storage Manager
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
NetApp/Oncommand Balance
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp/Oncommand Insight
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp/Oncommand Performance Manager
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp/Oncommand Shift
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp/Oncommand Unified Manager3 versions
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*+ 2 more
- cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*range: <=7.1
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*range: <=7.1
NetApp/Plug In For Symantec Netbackup
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp/Snapmanager2 versions
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp/Steelstore Cloud Integrated Storage
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
NetApp/Storage Replication Adapter For Clustered Data Ontap2 versions
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*range: >=7.2
NetApp/Vasa Provider For Clustered Data Ontap2 versions
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*range: >=7.2
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
NetApp/Virtual Storage Console2 versions
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
Oracle Corporation/Jdk2 versions
cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
Oracle Corporation/Jre2 versions
cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*
Oracle Corporation/Jrockit
cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*
Phoenixcontact/Fl Mguard Dm
cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*
Range: <=1.8.0
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Oracle Corporation/Javav5
Range: Java SE: 7u141

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdPatchVendor Advisory
www.debian.org/security/2017/dsa-3919nvdThird Party Advisory
www.debian.org/security/2017/dsa-3954nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1790nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:1791nvdThird Party Advisory
cert.vde.com/en-us/advisories/vde-2017-002nvdThird Party Advisory
security.gentoo.org/glsa/201709-22nvdThird Party Advisory
security.netapp.com/advisory/ntap-20170720-0001/nvdThird Party Advisory
www.securityfocus.com/bid/99782nvdBroken Link
www.securitytracker.com/id/1038931nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000