CVE-2018-2618

CWE-327 — Broken Cryptographic Algorithm9 documents8 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 67.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Struxureware Data Center Expert Oracle Corporation Java Canonical Ubuntu Linux +14 more

Timeline

PublishedJan 18

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages14 packages

▶CVEListV5oracle_corporation/java4 versions+3

▶NVDoracle/jrockitr28.3.16

▶NVDschneider-electric/struxureware_data_center_expert< 7.6.0

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-8gqp-9rvv-r4x9: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE)↗2022-05-13

▶

CVEList

CVE-2018-2618: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE)↗2018-01-18

▶

OSV

CVE-2018-2618: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE)↗2018-01-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 8 vulnerabilities↗2018-04-02

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2018-04-02

▶

Red Hat

OpenJDK: insufficient strength of key agreement (JCE, 8185292)↗2018-01-16

▶

Debian

CVE-2018-2618: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2018

▶

💬Community

Bugzilla

CVE-2018-2618 OpenJDK: insufficient strength of key agreement (JCE, 8185292)↗2018-01-15

▶