VYPR
Get started
← All advisories
Medium severity6.2NVD Advisory· Published Oct 19, 2017· Updated May 13, 2026

CVE-2017-10356

CVE-2017-10356

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected products

55
  • Oracle Corporation/Javav5
    Range: Java SE: 6u161
  • Oracle Corporation/Jdk4 versions
    cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
  • Debian/Debian Linux3 versions
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • Oracle Corporation/Jre4 versions
    cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
  • Red Hat/Satellite
    cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Eus4 versions
    cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • NetApp/Active Iq Unified Manager2 versions
    cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*+ 1 more
    • cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*range: >=7.3
    • cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*range: >=9.5
  • NetApp/Cloud Backup
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • NetApp/E Series Santricity Management Plug Ins
    cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
  • NetApp/E Series Santricity Os Controller
    cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
    Range: >=11.0,<=11.70.1
  • NetApp/E Series Santricity Storage Manager
    cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • NetApp/E Series Santricity Web Services
    cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  • NetApp/Element Software
    cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Balance
    cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Insight
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Performance Manager
    cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
  • NetApp/Oncommand Shift
    cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
  • NetApp/Oncommand Unified Manager3 versions
    cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*+ 2 more
    • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*range: <=7.1
    • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*range: <=7.1
    • cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
  • NetApp/Oncommand Workflow Automation
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • NetApp/Plug In For Symantec Netbackup
    cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  • NetApp/Snapmanager2 versions
    cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
    • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
    • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • NetApp/Steelstore Cloud Integrated Storage
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • NetApp/Storage Replication Adapter For Clustered Data Ontap2 versions
    cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
    • cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
    • cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*range: >=7.2
  • NetApp/Vasa Provider For Clustered Data Ontap2 versions
    cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*range: >=7.2
    • cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
  • NetApp/Virtual Storage Console2 versions
    cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
    • cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*range: >=7.2
    • cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.