Home

CVE-2018-2972

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.64

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-2940,CVE-2018-2952,CVE-2018-2972,CVE-2018-2973 are affected in Java SE Development Kit 10.0.1Windows
Multiple vulnerabilities are affected in Java SE Development Kit 10.0.1Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 10.0.1Windows
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre_10.0.2+13-1ubuntu0.18.04.1_i386.debLinux
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre_10.0.2+13-1ubuntu0.18.04.1_amd64.debLinux
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre-zero_10.0.2+13-1ubuntu0.18.04.1_i386.debLinux
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre-zero_10.0.2+13-1ubuntu0.18.04.1_amd64.debLinux
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre-headless_10.0.2+13-1ubuntu0.18.04.1_i386.debLinux
Java runtime based on OpenJDK (debugging symbols) (USN-3747-1) openjdk-11-jre-headless_10.0.2+13-1ubuntu0.18.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234