CVE-2018-2794
Description
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
114- Range: = R28.3.17
- Range: <= 10 >= 6u181
- osv-coords111 versionspkg:apk/chainguard/corretto-8pkg:apk/chainguard/corretto-8-dbgpkg:apk/chainguard/corretto-8-default-jdkpkg:apk/chainguard/corretto-8-default-jvmpkg:apk/chainguard/corretto-8-demospkg:apk/chainguard/corretto-8-docpkg:apk/chainguard/corretto-8-jrepkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-default-policypkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-default-policypkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-default-policypkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8pkg:apk/chainguard/openjdk-8-dbgpkg:apk/chainguard/openjdk-8-default-jdkpkg:apk/chainguard/openjdk-8-default-jvmpkg:apk/chainguard/openjdk-8-demospkg:apk/chainguard/openjdk-8-docpkg:apk/chainguard/openjdk-8-jrepkg:apk/chainguard/openjdk-8-jre-basepkg:apk/chainguard/openjdk-8-jre-libpkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:apk/wolfi/openjdk-8pkg:apk/wolfi/openjdk-8-dbgpkg:apk/wolfi/openjdk-8-default-jdkpkg:apk/wolfi/openjdk-8-default-jvmpkg:apk/wolfi/openjdk-8-demospkg:apk/wolfi/openjdk-8-docpkg:apk/wolfi/openjdk-8-jrepkg:apk/wolfi/openjdk-8-jre-basepkg:apk/wolfi/openjdk-8-jre-libpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-15-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207
< 8.462.08.1-r2+ 110 more
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 8.462.08.1-r2
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 11.0.12.0-3.1
- (no CPE)range: < 13.0.8.0-3.1
- (no CPE)range: < 15.0.4.0-2.1
- (no CPE)range: < 1.8.0.302-2.2
- (no CPE)range: < 1.7.0_sr10.25-65.25.1
- (no CPE)range: < 1.7.0_sr10.25-65.25.1
- (no CPE)range: < 1.7.0_sr10.25-65.25.1
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.0.181-43.15.2
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-26.26.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-26.26.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-26.26.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.7.1_sr4.25-38.23.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-3.3.4
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0_sr5.15-30.33.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-3.3.2
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- (no CPE)range: < 1.8.0.171-27.19.1
- Range: Java SE: 6u181
Patches
Vulnerability mechanics
References
28- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/103817nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040697nvdBroken LinkThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:1188nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1191nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1201nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1202nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1203nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1204nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1205nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1206nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1270nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1278nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1721nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1722nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1723nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1724nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1974nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1975nvdThird Party Advisory
- help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0nvdThird Party Advisory
- security.gentoo.org/glsa/201903-14nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20180419-0001/nvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- usn.ubuntu.com/3644-1/nvdThird Party Advisory
- usn.ubuntu.com/3691-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4185nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4225nvdThird Party Advisory
News mentions
0No linked articles in our index yet.