CVE-2018-2618

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Risk Information

Base Score

5.9

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.162

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Java jdk (x64) 1.9.0.1	Windows
Multiple vulnerabilities affected in Java jdk 9.0.1	Windows
Multiple vulnerabilities affected in Java jre 9.0.1	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 6.0.1710	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 1.7.0.1610	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.1520	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 9.0.1	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.1510	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 6.0.1710	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 1.7.0.1610	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1520	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 9.0.1	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1510	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (17.46.19)	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (x64) (17.46.19)	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.22	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.22	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.27	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.27	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1520	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1520	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.9	Windows
Multiple Vulnerabilities are affected in IBM MQ 8.0	Windows
Multiple Vulnerabilities are affected in IBM MQ 9.0	Windows
Multiple Vulnerabilities are affected in IBM MQ 9.0.0	Windows
CVE-2018-2618	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-306431	Java 9 (64-bit) (Deployment-Only)
PATCH-330243	Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-330243	Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-330243	Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-330242	Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330242	Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330242	Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-333741	Azul Zulu JDK 17 (17.46.19)
PATCH-333742	Azul Zulu JDK 17 (x64) (17.46.19)
PATCH-344728	Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692	Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234