Vulnerability Details : CVE-2018-3150
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Products affected by CVE-2018-3150
- cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-3150
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-3150
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
3.7
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
2.2
|
1.4
|
NIST |
References for CVE-2018-3150
-
http://www.securitytracker.com/id/1041889
Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/105597
Oracle Java SE CVE-2018-3150 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/3804-1/
USN-3804-1: OpenJDK vulnerabilities | Ubuntu security notices
-
https://security.gentoo.org/glsa/201908-10
Oracle JDK/JRE: Multiple vulnerabilities (GLSA 201908-10) — Gentoo security
-
https://access.redhat.com/errata/RHSA-2018:3521
RHSA-2018:3521 - Security Advisory - Red Hat Customer Portal
-
https://security.netapp.com/advisory/ntap-20181018-0001/
October 2018 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to