CVE-2018-2663

CWE-20 — Improper Input Validation11 documents8 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 78.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Struxureware Data Center Expert Oracle Corporation Java Canonical Ubuntu Linux +14 more

Timeline

PublishedJan 18

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages14 packages

▶CVEListV5oracle_corporation/java4 versions+3

▶NVDoracle/jrockitr28.3.16

▶NVDschneider-electric/struxureware_data_center_expert< 7.6.0

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-j4m7-28v7-p4cq: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2022-05-13

▶

CVEList

CVE-2018-2663: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2018-01-18

▶

OSV

CVE-2018-2663: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2018-01-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 8 vulnerabilities↗2018-04-02

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2018-04-02

▶

Red Hat

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)↗2018-01-16

▶

Debian

CVE-2018-2663: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2018

▶

💬Community

Bugzilla

CVE-2018-11694 libsass: NULL pointer dereference in function Sass::Functions::selector_append in functions.cpp↗2018-06-07

▶

Bugzilla

CVE-2018-12533 RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource↗2018-05-31

▶

Bugzilla

CVE-2018-2663 OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)↗2018-01-14

▶