Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Hp
  • Xp7 Command View
Oracle
  • Jdk
  • Jre
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Network Satellite
  • Rhel Extras
  • Rhel Extras Oracle Java
  • Satellite
Schneider-electric
  • Struxureware Data Center Expert

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*

Configuration 6 [-]

cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.171-1jpp.2.el6 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2018:1202 2018-04-23T00:00:00Z
java-1.6.0-sun-1:1.6.0.191-1jpp.2.el6 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2018:1203 2018-04-23T00:00:00Z
java-1.7.0-oracle-1:1.7.0.181-1jpp.1.el6 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2018:1206 2018-04-23T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.7.0-oracle-1:1.7.0.181-1jpp.1.el7 cpe:/a:redhat:rhel_extras_oracle_java:7 RHSA-2018:1201 2018-04-23T00:00:00Z
java-1.8.0-oracle-1:1.8.0.171-1jpp.1.el7 cpe:/a:redhat:rhel_extras_oracle_java:7 RHSA-2018:1204 2018-04-23T00:00:00Z
java-1.6.0-sun-1:1.6.0.191-1jpp.1.el7 cpe:/a:redhat:rhel_extras_oracle_java:7 RHSA-2018:1205 2018-04-23T00:00:00Z
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.171-3.b10.el6_9 cpe:/o:redhat:enterprise_linux:6 RHSA-2018:1188 2018-04-19T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.181-2.6.14.1.el6_9 cpe:/o:redhat:enterprise_linux:6 RHSA-2018:1270 2018-04-30T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.8.0-ibm-1:1.8.0.5.15-1jpp.2.el6_9 cpe:/a:redhat:rhel_extras:6 RHSA-2018:1722 2018-05-24T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.25-1jpp.2.el6_9 cpe:/a:redhat:rhel_extras:6 RHSA-2018:1724 2018-05-24T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.171-7.b10.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2018:1191 2018-04-19T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.181-2.6.14.5.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2018:1278 2018-05-02T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.5.15-1jpp.5.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2018:1721 2018-05-24T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.25-1jpp.3.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2018:1723 2018-05-24T00:00:00Z
Red Hat Satellite 5.6
java-1.7.1-ibm-1:1.7.1.4.25-1jpp.3.el6 cpe:/a:redhat:network_satellite:5.6::el6 RHSA-2018:1974 2018-06-25T00:00:00Z
Red Hat Satellite 5.7
java-1.7.1-ibm-1:1.7.1.4.25-1jpp.3.el6 cpe:/a:redhat:network_satellite:5.7::el6 RHSA-2018:1974 2018-06-25T00:00:00Z
Red Hat Satellite 5.8
java-1.8.0-ibm-1:1.8.0.5.15-1jpp.2.el6 cpe:/a:redhat:network_satellite:5.8::el6 RHSA-2018:1975 2018-06-25T00:00:00Z
References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html cve-icon cve-icon
http://www.securityfocus.com/bid/103877 cve-icon cve-icon
http://www.securitytracker.com/id/1040697 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1188 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1191 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1201 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1202 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1203 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1204 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1205 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1206 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1270 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1278 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1721 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1722 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1723 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1724 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1974 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1975 cve-icon cve-icon
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-2790 cve-icon
https://security.gentoo.org/glsa/201903-14 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20180419-0001/ cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us cve-icon cve-icon
https://usn.ubuntu.com/3644-1/ cve-icon cve-icon
https://usn.ubuntu.com/3691-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-2790 cve-icon
https://www.debian.org/security/2018/dsa-4185 cve-icon cve-icon
https://www.debian.org/security/2018/dsa-4225 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2018-04-19T02:00:00

Updated: 2024-08-05T04:29:44.746Z

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-2790

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-04-19T02:29:03.413

Modified: 2023-11-22T19:36:29.187

Link: CVE-2018-2790

cve-icon Redhat

Severity : Low

Publid Date: 2018-04-17T00:00:00Z

Links: CVE-2018-2790 - Bugzilla