CVE-2018-2973

6 documents6 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 51.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Netapp E-series Santricity OS ControllerOracle Corporation JavaNetapp Storage Replication Adapter FOR Clustered Data Ontap+8 more
Timeline
PublishedJul 18
Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embed

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages11 packages

CVEListV5oracle_corporation/java4 versions+3
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
NVDredhat/satellite5.6, 5.7, 5.8+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-pj6g-h9ch-r92c: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE)2022-05-13
CVEList
CVE-2018-2973: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE)2018-07-18

📋Vendor Advisories

2
Red Hat
JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)2018-07-17
Debian
CVE-2018-2973: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2018

💬Community

1
Bugzilla
CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)2018-07-17
CVE-2018-2973 (MEDIUM CVSS 5.9) | Vulnerability in the Java SE | cvebase.io