CVE-2018-2800

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

Risk Information

Base Score

4.2

MODERATE

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.316

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2811,CVE-2018-2815 are affected in Java jdk (x64) 8.0.162(x64)	Windows
Vulnerabilities CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2811,CVE-2018-2815 are affected in Java jdk 8.0.162	Windows
Vulnerabilities CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2811,CVE-2018-2815 are affected in Java jre (x64) 8.0.162(x64)	Windows
Vulnerabilities CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2811,CVE-2018-2815 are affected in Java jre 8.0.162	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 6.0.1810	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 1.7.0.1710	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 162 (64-bit)	Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 162 (64-bit)	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 6.0.1810	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 1.7.0.1710	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1620	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.23	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.23	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.30	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.30	Windows
Vulnerabilities CVE-2018-2800,CVE-2018-2783 are fixed in IBM WebSphere 8.5.5.14	Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.14	Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.1620	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1620	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1620	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.9	Windows
Vulnerabilities CVE-2018-2798 ,CVE-2018-2799 ,CVE-2018-2800 ,CVE-2018-2814 are affected in xp7_command_view 8.4.1	NCM
CVE-2018-2800	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-342255	Java Runtime Environment 1.8 (x64) (8.0.4310.10) (Manual Upload Required)
PATCH-342254	Java Runtime Environment 1.8 (8.0.4310.10) (Manual Upload Required)
PATCH-333702	Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701	Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701	Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-344728	Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692	Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)
PATCH-349783	Java SE Development Kit (8.0.4610.11) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234