CVE-2018-2794

CWE-502 — Deserialization of Untrusted Data11 documents8 sources

Severity

7.7HIGH

EPSS

0.1%

top 80.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Struxureware Data Center Expert Oracle Corporation Java Canonical Ubuntu Linux +11 more

Timeline

PublishedApr 19

Latest updateMay 13

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may …

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages11 packages

▶CVEListV5oracle_corporation/java5 versions+4

▶NVDoracle/jrockitr28.3.17

▶NVDschneider-electric/struxureware_data_center_expert< 7.6.0

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.6, 7.5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-8hrg-qfqw-3fgp: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security)↗2022-05-13

▶

OSV

openjdk-7 vulnerabilities↗2018-06-21

▶

OSV

openjdk-8 vulnerabilities↗2018-05-11

▶

CVEList

CVE-2018-2794: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security)↗2018-04-19

▶

OSV

CVE-2018-2794: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security)↗2018-04-18

▶

📋Vendor Advisories

Ubuntu

OpenJDK 7 vulnerabilities↗2018-06-21

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2018-05-11

▶

Red Hat

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)↗2018-04-17

▶

Debian

CVE-2018-2794: openjdk-8 - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent:...↗2018

▶

💬Community

Bugzilla

CVE-2018-2794 OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)↗2018-04-13

▶