CVE-2018-2972Corporation Java vulnerability

8 documents7 sources
Severity
5.9MEDIUMNVD
EPSS
0.6%
top 29.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation JavaOracle JDKOracle JRE
Timeline
PublishedJul 18
Latest updateMay 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be e

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5oracle_corporation/javaJava SE: 10.0.1
NVDoracle/jdk10.0.1
NVDoracle/jre10.0.1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-4236-7hj3-75v7: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2022-05-13
OSV
openjdk-lts vulnerabilities2018-08-21
OSV
CVE-2018-2972: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2018-07-18
CVEList
CVE-2018-2972: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2018-07-18

📋Vendor Advisories

2
Ubuntu
OpenJDK 10 vulnerabilities2018-08-21
Red Hat
OpenJDK: GCTR counter roll over (Security, 8200332)2018-07-17

💬Community

1
Bugzilla
CVE-2018-2972 OpenJDK: GCTR counter roll over (Security, 8200332)2018-07-13
CVE-2018-2972 — Oracle Corporation Java vulnerability | cvebase