It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making that user's Java application load an attacker-controlled class file.
Find out more about CVE-2018-2602 from the MITRE CVE dictionary and NIST NVD.
CVSS3 Base Score | 4.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | Low |
Availability Impact | Low |

Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2018:1463 | 2018-05-15 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2018:0351 | 2018-02-26 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2018:0521 | 2018-03-14 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2018:0458 | 2018-03-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2018:0352 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |

Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |