CVE-2018-3214

Published: 17/10/2018 Updated: 19/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vendor Advisories

Synopsis: Important: java-1.7.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Critical: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Jav ...
Synopsis: Critical: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: java-1.8.0-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Important: java-1.7.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Moderate: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Synopsis: Critical: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Critical: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.8.0-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System ...
Synopsis: Important: java-1.6.0-sun security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.8.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Synopsis: Important: java-1.6.0-sun security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Critical: java-1.8.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability ...
Several security issues were fixed in OpenJDK ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code. For the stable distribution (stretch), these problems have been fixed in version 8u181-b13-2~deb9u1 ...
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed ...
There are multiple vulnerabilities in IBM® Java SE distribution that are fixed in the October release. IBM i2 Enterprise Insight Analysis 218 and 220 are impacted by these Java Vulnerabilities. This security bulletin explains the issue and how to remediate it. In summary download the new IBM Java JDK and apply it to your system ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Agile Service Manager. Agile Service Manager has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the OS Images for IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in October 2018, and the following vulnerabilities have been addressed ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in July and October 2018, and the following vulnerabilities have been addressed ...
There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs ...
The BigFix Compliance product may be subject to third-party vulnerabilities in the areas of confidentiality, integrity, availability, and others. These vulnerabilities have been addressed in release 1101. Further details on the specific modules, scores, and vulnerabilities are provided below ...
There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in Oracle Java SE which is used by IBM Spectrum Protect™ Plus. These issues were disclosed as part of the Oracle Critical Patch Update (CPU) in October 2018 ...
There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 80520 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 701040 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
IBM Db2 Query Management Facility for z/OS and Enterprise Edition has addressed the following vulnerability ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 80 SR5 that is used by IBM Security AppScan Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM® Cloud App Management V201841. IBM® Cloud App Management has addressed the applicable CVEs in a later version ...
Oracle Linux Bulletin - October 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Suc ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Emb ...
Oracle Critical Patch Update Advisory - October 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release of IGI. These issues were disclosed as part of the IB ...
IBM Security Privileged Identity Manager has addressed the following vulnerabilities ...

Mailing Lists

Debian Security Advisory DSA-4326-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2018 https://www.debian.org/security/faq ...