2.6
CVSSv2

CVE-2018-3136

Published: 17/10/2018 Updated: 19/12/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 3.4 | Impact Score: 1.4 | Exploitability Score: 1.6
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleJdk1.6.0, 1.7.0, 1.8.0, 11.0.0
OracleJre1.6.0, 1.7.0, 1.8.0, 11.0.0
RedhatEnterprise Linux Desktop6.0, 7.0
RedhatEnterprise Linux Server6.0, 7.0
RedhatEnterprise Linux Server Eus7.5
RedhatEnterprise Linux Workstation6.0, 7.0

Vendor Advisories

Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-170-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Synopsis Critical: java-180-openjdk security update Type/Severity Security Advisory: Critical Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ...
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security) Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed ...
Synopsis Critical: java-11-openjdk security update Type/Severity Security Advisory: Critical Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS ...
Synopsis Critical: java-171-ibm security update Type/Severity Security Advisory: Critical Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-170-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Synopsis Critical: java-171-ibm security update Type/Severity Security Advisory: Critical Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
Synopsis Critical: java-180-openjdk security update Type/Severity Security Advisory: Critical Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ...
Synopsis Moderate: java-171-ibm security update Type/Severity Security Advisory: Moderate Topic An update for java-171-ibm is now available for Red Hat Satellite 56 and Red Hat Satellite 57Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Synopsis Critical: java-180-ibm security update Type/Severity Security Advisory: Critical Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
Synopsis Moderate: java-180-ibm security update Type/Severity Security Advisory: Moderate Topic An update for java-180-ibm is now available for Red Hat Satellite 58Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Important: java-160-sun security update Type/Severity Security Advisory: Important Topic An update for java-160-sun is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Synopsis Critical: java-180-ibm security update Type/Severity Security Advisory: Critical Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-180-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Several security issues were fixed in OpenJDK 7 ...
Synopsis Important: java-160-sun security update Type/Severity Security Advisory: Important Topic An update for java-160-sun is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic An update for java-180-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
Several security issues were fixed in OpenJDK ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 8u181-b13-2~deb9u1 ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security) Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed ...
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE) Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28319 Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, ...
IBM MessageSight has addressed the following Java vulnerabilities: CVE-2018-3183: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting) CVE-2018-3169: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot) CVE-2018-3149: Vulnerability in the Java SE, ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Agile Service Manager Agile Service Manager has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System These issues were disclosed as part of the IBM Java SDK quarterly updates in October 2018, and the following vulnerabilities have been addressed ...
There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified These issues were disclosed as part of the IBM Java SDK updates in Oct 2018 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System These issues were disclosed as part of the IBM Java SDK quarterly updates in July and October 2018, and the following vulnerabilities have been addressed ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Monitoring IBM Monitoring has addressed the applicable CVEs ...
The BigFix Compliance product may be subject to third-party vulnerabilities in the areas of confidentiality, integrity, availability, and others These vulnerabilities have been addressed in release 1101 Further details on the specific modules, scores, and vulnerabilities are provided below ...
There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU used by IBM Streams IBM Streams has addressed the applicable CVEs ...
There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components ...
There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 80 SR5 that is used by IBM Security AppScan Enterprise These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM® Cloud App Management V201841 IBM® Cloud App Management has addressed the applicable CVEs in a later version ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 80520 used by IBM Cloud Transformation Advisor IBM Cloud Transformation Advisor has addressed the applicable CVEs These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 701040 used by IBM Cloud Manager with OpenStack IBM Cloud Manager with OpenStack has addressed the applicable CVEs These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
IBM Db2 Query Management Facility for z/OS and Enterprise Edition has addressed the following vulnerability ...
There are multiple vulnerabilities in Oracle Java SE which is used by IBM Spectrum Protect™ Plus These issues were disclosed as part of the Oracle Critical Patch Update (CPU) in October 2018 ...
Oracle Linux Bulletin - October 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot) Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded Suc ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking) Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Emb ...
Oracle Critical Patch Update Advisory - October 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release of IGI These issues were disclosed as part of the IB ...
IBM Security Privileged Identity Manager has addressed the following vulnerabilities ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4326-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff October 25, 2018 wwwdebianorg/security/faq ...