Home

CVE-2018-3214

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.415

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-3214 are affected in Java jdk (x64) 8.0.182(x64)Windows
Vulnerabilities CVE-2018-3214 are affected in Java jdk 8.0.182Windows
Vulnerabilities CVE-2018-3214 are affected in Java jre (x64) 8.0.182(x64)Windows
Vulnerabilities CVE-2018-3214 are affected in Java jre 8.0.182Windows
Multiple vulnerabilities are affected in Java SE Development Kit 6.0.2010Windows
Multiple vulnerabilities are affected in Java SE Development Kit 1.7.0.1910Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 181Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 181Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 6.0.2010Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 1.7.0.1910Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1810Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK (18.32.13)Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 18 (x64) (18.32.13)Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.25Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.25Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.33Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.33Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 181 (64-bit)Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 181 (64-bit)Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1810Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1810Windows
CVE-2018-3214NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-342255Java Runtime Environment 1.8 (x64) (8.0.4310.10) (Manual Upload Required)
PATCH-342254Java Runtime Environment 1.8 (8.0.4310.10) (Manual Upload Required)
PATCH-330243Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-308259Java SE Development Kit 8 Update 191 (64-bit)
PATCH-308258Java SE Development Kit 8 Update 191 (32-bit)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-329676Azul Zulu JDK (18.32.13)
PATCH-329677Azul Zulu JDK 18 (x64) (18.32.13)
PATCH-344728Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234