CVE-2018-2637

CWE-502 — Deserialization of Untrusted Data9 documents8 sources

Severity

7.4HIGH

EPSS

0.2%

top 58.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Struxureware Data Center Expert Oracle Corporation Java Canonical Ubuntu Linux +14 more

Timeline

PublishedJan 18

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access …

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages14 packages

▶CVEListV5oracle_corporation/java4 versions+3

▶NVDoracle/jrockitr28.3.16

▶NVDschneider-electric/struxureware_data_center_expert< 7.6.0

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-27cq-pwrq-vxhr: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX)↗2022-05-13

▶

CVEList

CVE-2018-2637: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX)↗2018-01-18

▶

OSV

CVE-2018-2637: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX)↗2018-01-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 8 vulnerabilities↗2018-04-02

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2018-04-02

▶

Red Hat

OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)↗2018-01-16

▶

Debian

CVE-2018-2637: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2018

▶

💬Community

Bugzilla

CVE-2018-2637 OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)↗2018-01-16

▶