CVE-2018-2800 - OpenCVE

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Jdk Jre Jrockit
Hp	Xp7 Command View
Redhat	Satellite Enterprise Linux Server Eus Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server
Canonical	Ubuntu Linux
Schneider-electric	Struxureware Data Center Expert
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:oracle:jdk:1.6.0:update181::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update171::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update162::::::
	cpe:2.3:a:oracle:jre:1.6.0:update181::::::
	cpe:2.3:a:oracle:jre:1.7.0:update171::::::
	cpe:2.3:a:oracle:jre:1.8.0:update162::::::

Configuration 2 [-]

cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:satellite:5.6:::::::*
	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:a:redhat:satellite:5.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:schneider-electric:struxureware_data_center_expert::::::::
	cpe:2.3:a:schneider-electric:struxureware_data_center_expert::::::::

Configuration 7 [-]

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/103849	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040697	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1188	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1191	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1201	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1202	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1203	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1205	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1206	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1270	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1278	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1721	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1722	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1723	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1724	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1974	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1975	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	Third Party Advisory
https://security.gentoo.org/glsa/201903-14	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us	Third Party Advisory
https://usn.ubuntu.com/3644-1/	Third Party Advisory
https://usn.ubuntu.com/3691-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4185	Third Party Advisory
https://www.debian.org/security/2018/dsa-4225	Third Party Advisory