CVE-2017-10125

6 documents6 sources

Severity

7.1HIGH

EPSS

0.3%

top 44.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp E-series Santricity OS Controller Netapp Oncommand Unified Manager Oracle Corporation Java +6 more

Timeline

PublishedAug 8

Latest updateMay 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1…

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.5 | Impact: 6.0

Affected Packages9 packages

▶CVEListV5oracle_corporation/java8u131, Java SE: 7u141+1

▶NVDoracle/jdk1.7.0, 1.8.0+1

▶NVDoracle/jre1.7.0, 1.8.0+1

▶NVDnetapp/oncommand_unified_manager7.1

▶NVDnetapp/e-series_santricity_os_controller11.0 — 11.70.1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-w927-cwvw-mr5c: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment)↗2022-05-13

▶

CVEList

CVE-2017-10125: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment)↗2017-08-08

▶

📋Vendor Advisories

Red Hat

JDK: unspecified vulnerability fixed in 7u151 and 8u141 (Deployment)↗2017-07-18

▶

Debian

CVE-2017-10125: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployme...↗2017

▶

💬Community

Bugzilla

CVE-2017-10125 Oracle JDK: unspecified vulnerability fixed in 7u151 and 8u141 (Deployment)↗2017-07-19

▶