CVE-2018-2825

9 documents, 7 sources
Severity: 8.3 HIGH
EPSS: 1.1% (top 21.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 19; latest update May 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can res

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages (9 packages)

CVEListV5 | oracle_corporation/java | Java SE: 10
NVD | oracle/jdk | 10
NVD | oracle/jre | 10
Ubuntu | openjdk-lts | < 10.0.2+13-1ubuntu0.18.04.1

Also affects: Ubuntu Linux 18.04

Patches

🔴 Vulnerability Details (5)

GHSA | GHSA-55c3-m354-2mrm: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries) | 2022-05-13
OSV | openjdk-lts regression | 2018-09-12
OSV | openjdk-lts vulnerabilities | 2018-08-21
CVEList | CVE-2018-2825: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries) | 2018-04-19
OSV | CVE-2018-2825: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries) | 2018-04-18

📋 Vendor Advisories (2)

Ubuntu | OpenJDK 10 vulnerabilities | 2018-08-21
Red Hat | OpenJDK: insufficient array type checks in VarHandle (Libraries, 8194233) | 2018-04-17

💬 Community (1)

Bugzilla | CVE-2018-2825 OpenJDK: insufficient array type checks in VarHandle (Libraries, 8194233) | 2018-04-17