CVE-2018-3150Corporation Java vulnerability

8 documents8 sources
Severity
3.7LOWNVD
EPSS
0.8%
top 26.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation JavaOracle JDKOracle JRE
Timeline
PublishedOct 17
Latest updateMay 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., c

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

CVEListV5oracle_corporation/javaJava SE: 11
NVDoracle/jdk11.0.0
NVDoracle/jre11.0.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-ggpf-m8c3-75p7: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility)2022-05-13
CVEList
CVE-2018-3150: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility)2018-10-17
OSV
CVE-2018-3150: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility)2018-10-17

📋Vendor Advisories

3
Ubuntu
OpenJDK vulnerabilities2018-10-30
Red Hat
OpenJDK: Multi-Release attribute read from outside of the main manifest attributes (Utility, 8199171)2018-10-16
Debian
CVE-2018-3150: openjdk-11 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility)...2018

💬Community

1
Bugzilla
CVE-2018-3150 OpenJDK: Multi-Release attribute read from outside of the main manifest attributes (Utility, 8199171)2018-10-24
CVE-2018-3150 — Oracle Corporation Java vulnerability | cvebase