CVE-2018-2811 — HIGH (7.7) — White Hats Nepal

Q: How severe is CVE-2018-2811?

CVE-2018-2811 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-2811?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Oracle Jre, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Schneider-Electric Struxureware Data Center Expert.

Vulnerability Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS Score

7.7

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Jdk	1.8.0
Oracle	Jre	1.8.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Schneider-Electric	Struxureware Data Center Expert	< 7.6.0

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/103810Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040697Broken LinkThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxurThird Party Advisory
https://security.gentoo.org/glsa/201903-14Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/103810Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040697Broken LinkThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxurThird Party Advisory
https://security.gentoo.org/glsa/201903-14Third Party Advisory

FAQ

What is CVE-2018-2811?

CVE-2018-2811 is a vulnerability with a CVSS score of 7.7 (HIGH). Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthentica...

How severe is CVE-2018-2811?

CVE-2018-2811 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-2811?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Oracle Jre, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Schneider-Electric Struxureware Data Center Expert.