All the vulnerabilites related to schneider-electric - struxureware_data_center_expert
cve-2018-2618
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:40
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
http://www.securityfocus.com/bid/102612vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "102612",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102612"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:12.897643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:40:43.309Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "102612",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102612"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2618",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "102612",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102612"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2618",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:40:43.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25551
Vulnerability from cvelistv5
Published
2023-04-18 20:37
Modified
2024-08-02 11:25
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE file upload endpoint when tampering with parameters\nover HTTP.\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE file upload endpoint when tampering with parameters\nover HTTP.\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:37:23.329Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25551",
    "datePublished": "2023-04-18T20:37:23.329Z",
    "dateReserved": "2023-02-07T17:00:03.778Z",
    "dateUpdated": "2024-08-02T11:25:19.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25555
Vulnerability from cvelistv5
Published
2023-04-18 20:39
Modified
2024-08-02 11:25
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that could allow a user that knows the credentials to\nexecute unprivileged shell commands on the appliance over SSH. \n\n \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that could allow a user that knows the credentials to\nexecute unprivileged shell commands on the appliance over SSH. \n\n \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:39:14.874Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25555",
    "datePublished": "2023-04-18T20:39:14.874Z",
    "dateReserved": "2023-02-07T17:00:03.780Z",
    "dateUpdated": "2024-08-02T11:25:19.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25553
Vulnerability from cvelistv5
Published
2023-04-18 20:38
Modified
2024-08-02 11:25
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE endpoint through the logging capabilities of the\nwebserver. \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE endpoint through the logging capabilities of the\nwebserver. \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:38:01.298Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25553",
    "datePublished": "2023-04-18T20:38:01.298Z",
    "dateReserved": "2023-02-07T17:00:03.779Z",
    "dateUpdated": "2024-08-02T11:25:19.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2657
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:36
Severity ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102629vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          },
          {
            "name": "102629",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102629"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:12:40.369651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:36:25.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        },
        {
          "name": "102629",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102629"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            },
            {
              "name": "102629",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102629"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2657",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:36:25.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2633
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:39
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
http://www.securityfocus.com/bid/102557vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102557",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102557"
          },
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:19:49.941421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:39:17.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "102557",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102557"
        },
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102557",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102557"
            },
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2633",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:39:17.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2677
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:33
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102656vdb-entry, x_refsource_BID
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:42.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "102656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102656"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:54.998529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:33:51.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "102656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102656"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2677",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "102656",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102656"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2677",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:33:51.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1126
Vulnerability from cvelistv5
Published
2018-05-23 13:00
Modified
2024-08-05 03:51
Severity ?
4.8 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
References
https://usn.ubuntu.com/3658-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4208vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1777vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2268vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1700vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
http://www.securityfocus.com/bid/104214vdb-entry, x_refsource_BID
http://seclists.org/oss-sec/2018/q2/122mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1041057vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1820vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126x_refsource_CONFIRM
https://usn.ubuntu.com/3658-2/vendor-advisory, x_refsource_UBUNTU
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1944vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3658-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3658-1/"
          },
          {
            "name": "DSA-4208",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4208"
          },
          {
            "name": "RHSA-2018:1777",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1777"
          },
          {
            "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
          },
          {
            "name": "RHSA-2018:2267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2267"
          },
          {
            "name": "RHSA-2018:2268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2268"
          },
          {
            "name": "RHSA-2018:1700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "104214",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104214"
          },
          {
            "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2018/q2/122"
          },
          {
            "name": "1041057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041057"
          },
          {
            "name": "RHSA-2018:1820",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1820"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126"
          },
          {
            "name": "USN-3658-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3658-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
          },
          {
            "name": "RHSA-2019:1944",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1944"
          },
          {
            "name": "openSUSE-SU-2019:2376",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
          },
          {
            "name": "openSUSE-SU-2019:2379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "procps-ng, procps",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "procps-ng 3.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-26T23:06:06",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3658-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3658-1/"
        },
        {
          "name": "DSA-4208",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4208"
        },
        {
          "name": "RHSA-2018:1777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1777"
        },
        {
          "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
        },
        {
          "name": "RHSA-2018:2267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2267"
        },
        {
          "name": "RHSA-2018:2268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2268"
        },
        {
          "name": "RHSA-2018:1700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "104214",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104214"
        },
        {
          "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2018/q2/122"
        },
        {
          "name": "1041057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041057"
        },
        {
          "name": "RHSA-2018:1820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1820"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126"
        },
        {
          "name": "USN-3658-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3658-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        },
        {
          "name": "RHSA-2019:1944",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1944"
        },
        {
          "name": "openSUSE-SU-2019:2376",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
        },
        {
          "name": "openSUSE-SU-2019:2379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "procps-ng, procps",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "procps-ng 3.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3658-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3658-1/"
            },
            {
              "name": "DSA-4208",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4208"
            },
            {
              "name": "RHSA-2018:1777",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1777"
            },
            {
              "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
            },
            {
              "name": "RHSA-2018:2267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2267"
            },
            {
              "name": "RHSA-2018:2268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2268"
            },
            {
              "name": "RHSA-2018:1700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1700"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "104214",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104214"
            },
            {
              "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2018/q2/122"
            },
            {
              "name": "1041057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041057"
            },
            {
              "name": "RHSA-2018:1820",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1820"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126"
            },
            {
              "name": "USN-3658-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3658-2/"
            },
            {
              "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
              "refsource": "MISC",
              "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
            },
            {
              "name": "RHSA-2019:1944",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1944"
            },
            {
              "name": "openSUSE-SU-2019:2376",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
            },
            {
              "name": "openSUSE-SU-2019:2379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1126",
    "datePublished": "2018-05-23T13:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:48.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2579
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:45
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102663vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "102663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102663"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:22:41.441702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:45:10.321Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "102663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102663"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2579",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "102663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102663"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2579",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:45:10.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2795
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:18
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/103847vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "103847",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103847"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:13:32.761597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:18:11.453Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "103847",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103847"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "103847",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103847"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2795",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:18:11.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2637
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:38
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102576vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "102576",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102576"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:19:43.731165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:38:48.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "102576",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102576"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "102576",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102576"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2637",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:38:48.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37198
Vulnerability from cvelistv5
Published
2023-07-12 06:44
Modified
2024-11-07 14:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "struxureware_data_center_expert",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "7.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:42:18.221049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:45:30.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v7.9.3 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T06:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE uploads or tampers with install\npackages. \n\n \n\n\n\n"
            }
          ],
          "value": "\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE uploads or tampers with install\npackages. \n\n \n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T06:44:34.037Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-37198",
    "datePublished": "2023-07-12T06:44:34.037Z",
    "dateReserved": "2023-06-28T14:14:13.863Z",
    "dateUpdated": "2024-11-07T14:45:30.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2582
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:44
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/102597vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "102597",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102597"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:22:42.863144Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:44:45.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "102597",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102597"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "102597",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102597"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2582",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:44:45.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25550
Vulnerability from cvelistv5
Published
2023-04-18 20:36
Modified
2024-08-02 11:25
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:18.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows remote code execution via the \u201chostname\u201d parameter when maliciously crafted hostname\nsyntax is entered.\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows remote code execution via the \u201chostname\u201d parameter when maliciously crafted hostname\nsyntax is entered.\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:36:30.681Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25550",
    "datePublished": "2023-04-18T20:36:30.681Z",
    "dateReserved": "2023-02-07T17:00:03.778Z",
    "dateUpdated": "2024-08-02T11:25:18.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2641
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:38
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102605vdb-entry, x_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "name": "102605",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:30.129720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:38:19.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "name": "102605",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "102605",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102605"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2641",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:38:19.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7807
Vulnerability from cvelistv5
Published
2018-11-30 19:00
Modified
2024-08-05 06:37
Severity ?
Summary
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
References
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Data Center Expert versions 7.5.0 and earlier",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Data Center Expert versions 7.5.0 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2018-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-30T18:57:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data Center Expert versions 7.5.0 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Data Center Expert versions 7.5.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "MISC",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7807",
    "datePublished": "2018-11-30T19:00:00",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2814
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:16
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/103798vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.729Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "103798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103798"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:20:38.429458Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:16:27.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:06",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "103798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103798"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "103798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103798"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2814",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:16:27.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37199
Vulnerability from cvelistv5
Published
2023-07-12 07:04
Modified
2024-11-07 14:44
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "struxureware_data_center_expert",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "7.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:42:11.667073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:44:46.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v7.9.3 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
            }
          ],
          "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T07:04:08.510Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-37199",
    "datePublished": "2023-07-12T07:04:08.510Z",
    "dateReserved": "2023-06-28T14:14:13.863Z",
    "dateUpdated": "2024-11-07T14:44:46.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-8371
Vulnerability from cvelistv5
Published
2017-04-30 20:00
Modified
2024-09-16 20:11
Severity ?
Summary
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
References
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01x_refsource_MISC
http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticlex_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:22.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-30T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01",
              "refsource": "MISC",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01"
            },
            {
              "name": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle",
              "refsource": "MISC",
              "url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8371",
    "datePublished": "2017-04-30T20:00:00Z",
    "dateReserved": "2017-04-30T00:00:00Z",
    "dateUpdated": "2024-09-16T20:11:21.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25554
Vulnerability from cvelistv5
Published
2023-04-18 20:34
Modified
2024-08-02 11:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that allows a local privilege escalation on the appliance\nwhen a maliciously crafted Operating System command is entered on the device.\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that allows a local privilege escalation on the appliance\nwhen a maliciously crafted Operating System command is entered on the device.\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:34:40.438Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25554",
    "datePublished": "2023-04-18T20:34:40.438Z",
    "dateReserved": "2023-02-07T17:00:03.780Z",
    "dateUpdated": "2024-08-02T11:25:19.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2790
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-08-05 04:29
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103877vdb-entry, x_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "name": "103877",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103877"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:06",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "name": "103877",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103877"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "103877",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103877"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2790",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:29:44.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2799
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:17
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
http://www.securityfocus.com/bid/103872vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103872",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103872"
          },
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          },
          {
            "name": "[xmlgraphics-fop-dev] 20191018 [jira] [Created] (FOP-2885) Security Vulnerability with Xerces version \u003c= 2.11",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E"
          },
          {
            "name": "[spark-user] 20200224 [SPARK Dependencies] Security Vulnerability with Xerces version \u003c 2.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:13:15.569832Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:17:55.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-24T18:06:03",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "103872",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103872"
        },
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        },
        {
          "name": "[xmlgraphics-fop-dev] 20191018 [jira] [Created] (FOP-2885) Security Vulnerability with Xerces version \u003c= 2.11",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E"
        },
        {
          "name": "[spark-user] 20200224 [SPARK Dependencies] Security Vulnerability with Xerces version \u003c 2.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103872",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103872"
            },
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            },
            {
              "name": "[xmlgraphics-fop-dev] 20191018 [jira] [Created] (FOP-2885) Security Vulnerability with Xerces version \u003c= 2.11",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d@%3Cfop-dev.xmlgraphics.apache.org%3E"
            },
            {
              "name": "[spark-user] 20200224 [SPARK Dependencies] Security Vulnerability with Xerces version \u003c 2.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307@%3Cuser.spark.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2799",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:17:55.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37196
Vulnerability from cvelistv5
Published
2023-07-12 06:22
Modified
2024-11-07 14:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:32.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "struxureware_data_center_expert",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "7.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:42:31.489133Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:46:44.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v7.9.3 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T06:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the alert settings of endpoints on DCE.\n\n"
            }
          ],
          "value": "\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the alert settings of endpoints on DCE.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T06:22:46.848Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-37196",
    "datePublished": "2023-07-12T06:22:46.848Z",
    "dateReserved": "2023-06-28T14:14:13.863Z",
    "dateUpdated": "2024-11-07T14:46:44.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1124
Vulnerability from cvelistv5
Published
2018-05-23 13:00
Modified
2024-08-05 03:51
Severity ?
7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
References
https://usn.ubuntu.com/3658-1/vendor-advisory, x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4208vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201805-14vendor-advisory, x_refsource_GENTOO
https://www.exploit-db.com/exploits/44806/exploit, x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:1777vendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10241x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2267vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2268vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1700vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
http://www.securityfocus.com/bid/104214vdb-entry, x_refsource_BID
http://seclists.org/oss-sec/2018/q2/122mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1041057vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1820vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3658-2/vendor-advisory, x_refsource_UBUNTU
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtx_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1944vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2401vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3658-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3658-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
          },
          {
            "name": "DSA-4208",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4208"
          },
          {
            "name": "GLSA-201805-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201805-14"
          },
          {
            "name": "44806",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44806/"
          },
          {
            "name": "RHSA-2018:1777",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
          },
          {
            "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
          },
          {
            "name": "RHSA-2018:2267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2267"
          },
          {
            "name": "RHSA-2018:2268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2268"
          },
          {
            "name": "RHSA-2018:1700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "104214",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104214"
          },
          {
            "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2018/q2/122"
          },
          {
            "name": "1041057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041057"
          },
          {
            "name": "RHSA-2018:1820",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1820"
          },
          {
            "name": "USN-3658-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3658-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
          },
          {
            "name": "RHSA-2019:1944",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1944"
          },
          {
            "name": "RHSA-2019:2401",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2401"
          },
          {
            "name": "openSUSE-SU-2019:2376",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
          },
          {
            "name": "openSUSE-SU-2019:2379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "procps-ng",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "procps-ng 3.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-26T23:06:10",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3658-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3658-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
        },
        {
          "name": "DSA-4208",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4208"
        },
        {
          "name": "GLSA-201805-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201805-14"
        },
        {
          "name": "44806",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44806/"
        },
        {
          "name": "RHSA-2018:1777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
        },
        {
          "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
        },
        {
          "name": "RHSA-2018:2267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2267"
        },
        {
          "name": "RHSA-2018:2268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2268"
        },
        {
          "name": "RHSA-2018:1700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "104214",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104214"
        },
        {
          "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2018/q2/122"
        },
        {
          "name": "1041057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041057"
        },
        {
          "name": "RHSA-2018:1820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1820"
        },
        {
          "name": "USN-3658-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3658-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        },
        {
          "name": "RHSA-2019:1944",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1944"
        },
        {
          "name": "RHSA-2019:2401",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2401"
        },
        {
          "name": "openSUSE-SU-2019:2376",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
        },
        {
          "name": "openSUSE-SU-2019:2379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1124",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "procps-ng",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "procps-ng 3.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3658-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3658-1/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
            },
            {
              "name": "DSA-4208",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4208"
            },
            {
              "name": "GLSA-201805-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201805-14"
            },
            {
              "name": "44806",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44806/"
            },
            {
              "name": "RHSA-2018:1777",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1777"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
            },
            {
              "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
            },
            {
              "name": "RHSA-2018:2267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2267"
            },
            {
              "name": "RHSA-2018:2268",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2268"
            },
            {
              "name": "RHSA-2018:1700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1700"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "104214",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104214"
            },
            {
              "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2018/q2/122"
            },
            {
              "name": "1041057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041057"
            },
            {
              "name": "RHSA-2018:1820",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1820"
            },
            {
              "name": "USN-3658-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3658-2/"
            },
            {
              "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
              "refsource": "MISC",
              "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
            },
            {
              "name": "RHSA-2019:1944",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1944"
            },
            {
              "name": "RHSA-2019:2401",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2401"
            },
            {
              "name": "openSUSE-SU-2019:2376",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
            },
            {
              "name": "openSUSE-SU-2019:2379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1124",
    "datePublished": "2018-05-23T13:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:48.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2798
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-08-05 04:29
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/103841vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "103841",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103841"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "103841",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103841"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2798",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "103841",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103841"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2798",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:29:44.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2629
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:39
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
http://www.securityfocus.com/bid/102615vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:46.580396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:39:41.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "102615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102615"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2629",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:39:41.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2602
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:42
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
References
http://www.securityfocus.com/bid/102642vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102642"
          },
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:22:56.153547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:42:39.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "102642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102642"
        },
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102642"
            },
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2602",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:42:39.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2800
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:17
Severity ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103849vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "name": "103849",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:26:17.783525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:17:49.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:04",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "name": "103849",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "103849",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103849"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2800",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:17:49.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25547
Vulnerability from cvelistv5
Published
2023-04-18 20:31
Modified
2024-08-02 11:25
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:18.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nA CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution\non upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution\non upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:31:35.199Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25547",
    "datePublished": "2023-04-18T20:31:35.199Z",
    "dateReserved": "2023-02-07T17:00:03.777Z",
    "dateUpdated": "2024-08-02T11:25:18.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-3693
Vulnerability from cvelistv5
Published
2018-07-10 21:00
Modified
2024-08-05 04:50
Severity ?
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
References
https://access.redhat.com/errata/RHSA-2018:2390vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2395vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2384vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1946vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0174vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180823-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://cdrdv2.intel.com/v1/dl/getContent/685359x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "RHSA-2019:1946",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1946"
          },
          {
            "name": "RHSA-2020:0174",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Most Modern Operating Systems",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-19T17:51:16",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "RHSA-2019:1946",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1946"
        },
        {
          "name": "RHSA-2020:0174",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-3693",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Most Modern Operating Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "RHSA-2019:1946",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1946"
            },
            {
              "name": "RHSA-2020:0174",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0174"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180823-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://cdrdv2.intel.com/v1/dl/getContent/685359",
              "refsource": "CONFIRM",
              "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3693",
    "datePublished": "2018-07-10T21:00:00",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2678
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:33
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/102659vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:43.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "102659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102659"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2678",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:24:12.973702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:33:42.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "102659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102659"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2678",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "102659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102659"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2678",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:33:42.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37197
Vulnerability from cvelistv5
Published
2023-07-12 06:41
Modified
2024-11-07 14:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "struxureware_data_center_expert",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "7.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:42:24.492097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:46:11.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v7.9.3 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T06:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the mass configuration settings of endpoints on DCE. \n\n\n\n"
            }
          ],
          "value": "\n\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the mass configuration settings of endpoints on DCE. \n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T06:41:30.783Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-37197",
    "datePublished": "2023-07-12T06:41:30.783Z",
    "dateReserved": "2023-06-28T14:14:13.863Z",
    "dateUpdated": "2024-11-07T14:46:11.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2811
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-08-05 04:29
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103810vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "103810",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103810"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u162"
            },
            {
              "status": "affected",
              "version": "10"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-14T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "103810",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103810"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "103810",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103810"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2811",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:29:44.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25549
Vulnerability from cvelistv5
Published
2023-04-18 20:35
Modified
2024-08-02 11:25
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows for remote code execution when using a parameter of the DCE network settings\nendpoint. \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows for remote code execution when using a parameter of the DCE network settings\nendpoint. \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:35:42.008Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25549",
    "datePublished": "2023-04-18T20:35:42.008Z",
    "dateReserved": "2023-02-07T17:00:03.778Z",
    "dateUpdated": "2024-08-02T11:25:19.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25548
Vulnerability from cvelistv5
Published
2023-04-18 20:32
Modified
2024-08-02 11:25
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:32:42.718Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25548",
    "datePublished": "2023-04-18T20:32:42.718Z",
    "dateReserved": "2023-02-07T17:00:03.777Z",
    "dateUpdated": "2024-08-02T11:25:19.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22794
Vulnerability from cvelistv5
Published
2022-03-28 16:25
Modified
2024-08-03 18:51
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
References
https://www.se.com/ww/en/download/document/SEVD-2021-257-03/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V7.8.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-28T16:25:21",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "StruxureWare Data Center Expert",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V7.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22794",
    "datePublished": "2022-03-28T16:25:21",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25552
Vulnerability from cvelistv5
Published
2023-04-18 20:33
Modified
2024-08-02 11:25
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThanOrEqual": "V7.9.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\n\n\nA CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized\ncontent, changes or deleting of content, or performing unauthorized functions when tampering\nthe Device File Transfer settings on DCE endpoints. \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
            }
          ],
          "value": "\n\n\nA CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized\ncontent, changes or deleting of content, or performing unauthorized functions when tampering\nthe Device File Transfer settings on DCE endpoints. \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T20:33:50.548Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25552",
    "datePublished": "2023-04-18T20:33:50.548Z",
    "dateReserved": "2023-02-07T17:00:03.778Z",
    "dateUpdated": "2024-08-02T11:25:19.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2588
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:44
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/102661vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "102661",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102661"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:04.885301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:44:11.023Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "102661",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102661"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "102661",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102661"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2588",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:44:11.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2634
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:39
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/102592vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "102592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102592"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:51.657270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:39:11.360Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "102592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102592"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2634",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "102592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102592"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2634",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:39:11.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2815
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-08-05 04:29
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103848vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "103848",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103848"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "103848",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103848"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "103848",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103848"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2815",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:29:44.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2797
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:18
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/103846vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "103846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103846"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:13:35.233756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:18:04.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "103846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103846"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "103846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103846"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2797",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:18:04.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2599
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:42
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
References
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
http://www.securityfocus.com/bid/102633vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "102633",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102633"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:22:37.884160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:42:59.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "102633",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102633"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "102633",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102633"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2599",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:42:59.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2794
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:18
Severity ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/103817vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "RHSA-2018:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1203"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1205"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "103817",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103817"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:20:44.545581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:18:19.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u181"
            },
            {
              "status": "affected",
              "version": "7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10"
            },
            {
              "status": "affected",
              "version": "JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:06",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "RHSA-2018:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1203"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1205"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "103817",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103817"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "RHSA-2018:1203",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1203"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1205"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "103817",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103817"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2794",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:18:19.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-3639
Vulnerability from cvelistv5
Published
2018-05-22 12:00
Modified
2024-09-16 22:55
Severity ?
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
References
https://access.redhat.com/errata/RHSA-2018:1689vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2162vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1641vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3680-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1997vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1665vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3407vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2001vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3423vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2003vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3654-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1645vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1643vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1652vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3424vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3402vendor-advisory, x_refsource_REDHAT
https://www.us-cert.gov/ncas/alerts/TA18-141Athird-party-advisory, x_refsource_CERT
https://access.redhat.com/errata/RHSA-2018:1656vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1664vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2258vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1688vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1658vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1657vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2289vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1666vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1042004vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1675vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1660vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1965vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1661vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1633vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1636vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1854vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2006vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2250vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040949vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:3401vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1737vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1826vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3651-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4210vendor-advisory, x_refsource_DEBIAN
https://www.exploit-db.com/exploits/44695/exploit, x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:1651vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1638vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1696vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2246vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1644vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1646vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1639vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1668vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1637vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2948vendor-advisory, x_refsource_REDHAT
https://www.kb.cert.org/vuls/id/180049third-party-advisory, x_refsource_CERT-VN
https://access.redhat.com/errata/RHSA-2018:1686vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2172vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1663vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3652-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1629vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1655vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1640vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1669vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1676vendor-advisory, x_refsource_REDHAT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannelvendor-advisory, x_refsource_CISCO
https://access.redhat.com/errata/RHSA-2018:3425vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2363vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1632vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1650vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2396vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2364vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3653-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2216vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3655-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1649vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2309vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/104232vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1653vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2171vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1635vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2394vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1710vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1659vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1711vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4273vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1738vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1674vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3396vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1667vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3654-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1662vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1630vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1647vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1967vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3655-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3399vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2060vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1690vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3653-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2161vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/07/msg00038.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2328vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1648vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2387vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0148vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1654vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3679-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3777-3/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1642vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3397vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlmailing-list, x_refsource_MLIST
https://usn.ubuntu.com/3756-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3398vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3400vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2228vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1046vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlvendor-advisory, x_refsource_SUSE
https://seclists.org/bugtraq/2019/Jun/36mailing-list, x_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2020/06/10/1mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/06/10/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/06/10/5mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfx_refsource_CONFIRM
http://support.lenovo.com/us/en/solutions/LEN-22133x_refsource_CONFIRM
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004x_refsource_CONFIRM
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012x_refsource_CONFIRM
https://support.citrix.com/article/CTX235225x_refsource_CONFIRM
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.htmlx_refsource_CONFIRM
https://www.synology.com/support/security/Synology_SA_18_23x_refsource_CONFIRM
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityx_refsource_CONFIRM
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.htmlx_refsource_CONFIRM
http://xenbits.xen.org/xsa/advisory-263.htmlx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdfx_refsource_CONFIRM
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_usx_refsource_CONFIRM
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528x_refsource_MISC
https://security.netapp.com/advisory/ntap-20180521-0001/x_refsource_CONFIRM
https://nvidia.custhelp.com/app/answers/detail/a_id/4787x_refsource_CONFIRM
https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1689",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1689"
          },
          {
            "name": "RHSA-2018:2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2162"
          },
          {
            "name": "RHSA-2018:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1641"
          },
          {
            "name": "USN-3680-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3680-1/"
          },
          {
            "name": "RHSA-2018:1997",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1997"
          },
          {
            "name": "RHSA-2018:1665",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1665"
          },
          {
            "name": "RHSA-2018:3407",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3407"
          },
          {
            "name": "RHSA-2018:2164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2164"
          },
          {
            "name": "RHSA-2018:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2001"
          },
          {
            "name": "RHSA-2018:3423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3423"
          },
          {
            "name": "RHSA-2018:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2003"
          },
          {
            "name": "USN-3654-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-1/"
          },
          {
            "name": "RHSA-2018:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1645"
          },
          {
            "name": "RHSA-2018:1643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1643"
          },
          {
            "name": "RHSA-2018:1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1652"
          },
          {
            "name": "RHSA-2018:3424",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3424"
          },
          {
            "name": "RHSA-2018:3402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3402"
          },
          {
            "name": "TA18-141A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
          },
          {
            "name": "RHSA-2018:1656",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1656"
          },
          {
            "name": "RHSA-2018:1664",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1664"
          },
          {
            "name": "RHSA-2018:2258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2258"
          },
          {
            "name": "RHSA-2018:1688",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1688"
          },
          {
            "name": "RHSA-2018:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1658"
          },
          {
            "name": "RHSA-2018:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1657"
          },
          {
            "name": "RHSA-2018:2289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2289"
          },
          {
            "name": "RHSA-2018:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1666"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "RHSA-2018:1675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1675"
          },
          {
            "name": "RHSA-2018:1660",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1660"
          },
          {
            "name": "RHSA-2018:1965",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1965"
          },
          {
            "name": "RHSA-2018:1661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1661"
          },
          {
            "name": "RHSA-2018:1633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1633"
          },
          {
            "name": "RHSA-2018:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1636"
          },
          {
            "name": "RHSA-2018:1854",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1854"
          },
          {
            "name": "RHSA-2018:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2006"
          },
          {
            "name": "RHSA-2018:2250",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2250"
          },
          {
            "name": "1040949",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040949"
          },
          {
            "name": "RHSA-2018:3401",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3401"
          },
          {
            "name": "RHSA-2018:1737",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1737"
          },
          {
            "name": "RHSA-2018:1826",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1826"
          },
          {
            "name": "USN-3651-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3651-1/"
          },
          {
            "name": "DSA-4210",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4210"
          },
          {
            "name": "44695",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44695/"
          },
          {
            "name": "RHSA-2018:1651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1651"
          },
          {
            "name": "RHSA-2018:1638",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1638"
          },
          {
            "name": "RHSA-2018:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1696"
          },
          {
            "name": "RHSA-2018:2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2246"
          },
          {
            "name": "RHSA-2018:1644",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1644"
          },
          {
            "name": "RHSA-2018:1646",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1646"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:1639",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1639"
          },
          {
            "name": "RHSA-2018:1668",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1668"
          },
          {
            "name": "RHSA-2018:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1637"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "name": "RHSA-2018:1686",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1686"
          },
          {
            "name": "RHSA-2018:2172",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2172"
          },
          {
            "name": "RHSA-2018:1663",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1663"
          },
          {
            "name": "USN-3652-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3652-1/"
          },
          {
            "name": "RHSA-2018:1629",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1629"
          },
          {
            "name": "RHSA-2018:1655",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1655"
          },
          {
            "name": "RHSA-2018:1640",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1640"
          },
          {
            "name": "RHSA-2018:1669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1669"
          },
          {
            "name": "RHSA-2018:1676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1676"
          },
          {
            "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
          },
          {
            "name": "RHSA-2018:3425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3425"
          },
          {
            "name": "RHSA-2018:2363",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2363"
          },
          {
            "name": "RHSA-2018:1632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1632"
          },
          {
            "name": "RHSA-2018:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1650"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "RHSA-2018:2364",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2364"
          },
          {
            "name": "USN-3653-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-2/"
          },
          {
            "name": "RHSA-2018:2216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2216"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "name": "RHSA-2018:1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1649"
          },
          {
            "name": "RHSA-2018:2309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2309"
          },
          {
            "name": "104232",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104232"
          },
          {
            "name": "RHSA-2018:1653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1653"
          },
          {
            "name": "RHSA-2018:2171",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2171"
          },
          {
            "name": "RHSA-2018:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1635"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:1710",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1710"
          },
          {
            "name": "RHSA-2018:1659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1659"
          },
          {
            "name": "RHSA-2018:1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1711"
          },
          {
            "name": "DSA-4273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4273"
          },
          {
            "name": "RHSA-2018:1738",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1738"
          },
          {
            "name": "RHSA-2018:1674",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1674"
          },
          {
            "name": "RHSA-2018:3396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3396"
          },
          {
            "name": "RHSA-2018:1667",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1667"
          },
          {
            "name": "USN-3654-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-2/"
          },
          {
            "name": "RHSA-2018:1662",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1662"
          },
          {
            "name": "RHSA-2018:1630",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1630"
          },
          {
            "name": "RHSA-2018:1647",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1647"
          },
          {
            "name": "RHSA-2018:1967",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1967"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "RHSA-2018:3399",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3399"
          },
          {
            "name": "RHSA-2018:2060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2060"
          },
          {
            "name": "RHSA-2018:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1690"
          },
          {
            "name": "USN-3653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-1/"
          },
          {
            "name": "RHSA-2018:2161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2161"
          },
          {
            "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
          },
          {
            "name": "RHSA-2018:2328",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2328"
          },
          {
            "name": "RHSA-2018:1648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1648"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "name": "RHSA-2019:0148",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0148"
          },
          {
            "name": "RHSA-2018:1654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1654"
          },
          {
            "name": "USN-3679-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3679-1/"
          },
          {
            "name": "USN-3777-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-3/"
          },
          {
            "name": "RHSA-2018:1642",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1642"
          },
          {
            "name": "RHSA-2018:3397",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3397"
          },
          {
            "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "name": "RHSA-2018:3398",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3398"
          },
          {
            "name": "RHSA-2018:3400",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3400"
          },
          {
            "name": "RHSA-2018:2228",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2228"
          },
          {
            "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
          },
          {
            "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
          },
          {
            "name": "RHSA-2019:1046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1046"
          },
          {
            "name": "openSUSE-SU-2019:1439",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
          },
          {
            "name": "openSUSE-SU-2019:1438",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/36"
          },
          {
            "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
          },
          {
            "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
          },
          {
            "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX235225"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-263.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
          },
          {
            "name": "openSUSE-SU-2020:1325",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T20:06:27",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "RHSA-2018:1689",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1689"
        },
        {
          "name": "RHSA-2018:2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2162"
        },
        {
          "name": "RHSA-2018:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1641"
        },
        {
          "name": "USN-3680-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3680-1/"
        },
        {
          "name": "RHSA-2018:1997",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1997"
        },
        {
          "name": "RHSA-2018:1665",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1665"
        },
        {
          "name": "RHSA-2018:3407",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3407"
        },
        {
          "name": "RHSA-2018:2164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2164"
        },
        {
          "name": "RHSA-2018:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2001"
        },
        {
          "name": "RHSA-2018:3423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3423"
        },
        {
          "name": "RHSA-2018:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2003"
        },
        {
          "name": "USN-3654-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-1/"
        },
        {
          "name": "RHSA-2018:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1645"
        },
        {
          "name": "RHSA-2018:1643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1643"
        },
        {
          "name": "RHSA-2018:1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1652"
        },
        {
          "name": "RHSA-2018:3424",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3424"
        },
        {
          "name": "RHSA-2018:3402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3402"
        },
        {
          "name": "TA18-141A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
        },
        {
          "name": "RHSA-2018:1656",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1656"
        },
        {
          "name": "RHSA-2018:1664",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1664"
        },
        {
          "name": "RHSA-2018:2258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2258"
        },
        {
          "name": "RHSA-2018:1688",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1688"
        },
        {
          "name": "RHSA-2018:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1658"
        },
        {
          "name": "RHSA-2018:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1657"
        },
        {
          "name": "RHSA-2018:2289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2289"
        },
        {
          "name": "RHSA-2018:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1666"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "RHSA-2018:1675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1675"
        },
        {
          "name": "RHSA-2018:1660",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1660"
        },
        {
          "name": "RHSA-2018:1965",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1965"
        },
        {
          "name": "RHSA-2018:1661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1661"
        },
        {
          "name": "RHSA-2018:1633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1633"
        },
        {
          "name": "RHSA-2018:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1636"
        },
        {
          "name": "RHSA-2018:1854",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1854"
        },
        {
          "name": "RHSA-2018:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2006"
        },
        {
          "name": "RHSA-2018:2250",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2250"
        },
        {
          "name": "1040949",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040949"
        },
        {
          "name": "RHSA-2018:3401",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3401"
        },
        {
          "name": "RHSA-2018:1737",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1737"
        },
        {
          "name": "RHSA-2018:1826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1826"
        },
        {
          "name": "USN-3651-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3651-1/"
        },
        {
          "name": "DSA-4210",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4210"
        },
        {
          "name": "44695",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44695/"
        },
        {
          "name": "RHSA-2018:1651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1651"
        },
        {
          "name": "RHSA-2018:1638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1638"
        },
        {
          "name": "RHSA-2018:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1696"
        },
        {
          "name": "RHSA-2018:2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2246"
        },
        {
          "name": "RHSA-2018:1644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1644"
        },
        {
          "name": "RHSA-2018:1646",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1646"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:1639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1639"
        },
        {
          "name": "RHSA-2018:1668",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1668"
        },
        {
          "name": "RHSA-2018:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1637"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "name": "RHSA-2018:1686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1686"
        },
        {
          "name": "RHSA-2018:2172",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2172"
        },
        {
          "name": "RHSA-2018:1663",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1663"
        },
        {
          "name": "USN-3652-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3652-1/"
        },
        {
          "name": "RHSA-2018:1629",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1629"
        },
        {
          "name": "RHSA-2018:1655",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1655"
        },
        {
          "name": "RHSA-2018:1640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1640"
        },
        {
          "name": "RHSA-2018:1669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1669"
        },
        {
          "name": "RHSA-2018:1676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1676"
        },
        {
          "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
        },
        {
          "name": "RHSA-2018:3425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3425"
        },
        {
          "name": "RHSA-2018:2363",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2363"
        },
        {
          "name": "RHSA-2018:1632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1632"
        },
        {
          "name": "RHSA-2018:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1650"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "RHSA-2018:2364",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2364"
        },
        {
          "name": "USN-3653-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-2/"
        },
        {
          "name": "RHSA-2018:2216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2216"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "name": "RHSA-2018:1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1649"
        },
        {
          "name": "RHSA-2018:2309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2309"
        },
        {
          "name": "104232",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104232"
        },
        {
          "name": "RHSA-2018:1653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1653"
        },
        {
          "name": "RHSA-2018:2171",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2171"
        },
        {
          "name": "RHSA-2018:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1635"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:1710",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1710"
        },
        {
          "name": "RHSA-2018:1659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1659"
        },
        {
          "name": "RHSA-2018:1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1711"
        },
        {
          "name": "DSA-4273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4273"
        },
        {
          "name": "RHSA-2018:1738",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1738"
        },
        {
          "name": "RHSA-2018:1674",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1674"
        },
        {
          "name": "RHSA-2018:3396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3396"
        },
        {
          "name": "RHSA-2018:1667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1667"
        },
        {
          "name": "USN-3654-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-2/"
        },
        {
          "name": "RHSA-2018:1662",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1662"
        },
        {
          "name": "RHSA-2018:1630",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1630"
        },
        {
          "name": "RHSA-2018:1647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1647"
        },
        {
          "name": "RHSA-2018:1967",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1967"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "RHSA-2018:3399",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3399"
        },
        {
          "name": "RHSA-2018:2060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2060"
        },
        {
          "name": "RHSA-2018:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1690"
        },
        {
          "name": "USN-3653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-1/"
        },
        {
          "name": "RHSA-2018:2161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2161"
        },
        {
          "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
        },
        {
          "name": "RHSA-2018:2328",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2328"
        },
        {
          "name": "RHSA-2018:1648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1648"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "name": "RHSA-2019:0148",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0148"
        },
        {
          "name": "RHSA-2018:1654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1654"
        },
        {
          "name": "USN-3679-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3679-1/"
        },
        {
          "name": "USN-3777-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-3/"
        },
        {
          "name": "RHSA-2018:1642",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1642"
        },
        {
          "name": "RHSA-2018:3397",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3397"
        },
        {
          "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "name": "RHSA-2018:3398",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3398"
        },
        {
          "name": "RHSA-2018:3400",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3400"
        },
        {
          "name": "RHSA-2018:2228",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2228"
        },
        {
          "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
        },
        {
          "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
        },
        {
          "name": "RHSA-2019:1046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1046"
        },
        {
          "name": "openSUSE-SU-2019:1439",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
        },
        {
          "name": "openSUSE-SU-2019:1438",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/36"
        },
        {
          "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
        },
        {
          "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
        },
        {
          "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX235225"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-263.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
        },
        {
          "name": "openSUSE-SU-2020:1325",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-3639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1689",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "refsource": "CERT",
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "name": "https://support.citrix.com/article/CTX235225",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_23",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-263.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
              "refsource": "CONFIRM",
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3639",
    "datePublished": "2018-05-22T12:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-16T22:55:27.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2603
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:42
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
http://www.securityfocus.com/bid/102625vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:34.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102625"
          },
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:12:36.227363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:42:31.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "102625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102625"
        },
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102625"
            },
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2603",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:42:31.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2796
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-08-05 04:29
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
https://access.redhat.com/errata/RHSA-2018:1278vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usx_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/103868vdb-entry, x_refsource_BID
https://www.debian.org/security/2018/dsa-4225vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1724vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:44.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1278",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1278"
          },
          {
            "name": "DSA-4185",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4185"
          },
          {
            "name": "RHSA-2018:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1975"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
          },
          {
            "name": "GLSA-201903-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-14"
          },
          {
            "name": "103868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103868"
          },
          {
            "name": "DSA-4225",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4225"
          },
          {
            "name": "1040697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040697"
          },
          {
            "name": "RHSA-2018:1724",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1724"
          },
          {
            "name": "USN-3644-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3644-1/"
          },
          {
            "name": "RHSA-2018:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
          },
          {
            "name": "RHSA-2018:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1204",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2018:1722",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1722"
          },
          {
            "name": "RHSA-2018:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1974"
          },
          {
            "name": "RHSA-2018:1721",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1721"
          },
          {
            "name": "USN-3691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3691-1/"
          },
          {
            "name": "RHSA-2018:1202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1202"
          },
          {
            "name": "RHSA-2018:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1191"
          },
          {
            "name": "RHSA-2018:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1188"
          },
          {
            "name": "RHSA-2018:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1206"
          },
          {
            "name": "RHSA-2018:1270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u171"
            },
            {
              "status": "affected",
              "version": "8u162"
            },
            {
              "status": "affected",
              "version": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T00:06:06",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2018:1278",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1278"
        },
        {
          "name": "DSA-4185",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4185"
        },
        {
          "name": "RHSA-2018:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1975"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
        },
        {
          "name": "GLSA-201903-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-14"
        },
        {
          "name": "103868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103868"
        },
        {
          "name": "DSA-4225",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4225"
        },
        {
          "name": "1040697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040697"
        },
        {
          "name": "RHSA-2018:1724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1724"
        },
        {
          "name": "USN-3644-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3644-1/"
        },
        {
          "name": "RHSA-2018:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
        },
        {
          "name": "RHSA-2018:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1204",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2018:1722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1722"
        },
        {
          "name": "RHSA-2018:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1974"
        },
        {
          "name": "RHSA-2018:1721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1721"
        },
        {
          "name": "USN-3691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3691-1/"
        },
        {
          "name": "RHSA-2018:1202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1202"
        },
        {
          "name": "RHSA-2018:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1191"
        },
        {
          "name": "RHSA-2018:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1188"
        },
        {
          "name": "RHSA-2018:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1206"
        },
        {
          "name": "RHSA-2018:1270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2796",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u162"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10; Java SE Embedded: 8u161; JRockit: R28.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1278",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1278"
            },
            {
              "name": "DSA-4185",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4185"
            },
            {
              "name": "RHSA-2018:1975",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1975"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
            },
            {
              "name": "GLSA-201903-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-14"
            },
            {
              "name": "103868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103868"
            },
            {
              "name": "DSA-4225",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4225"
            },
            {
              "name": "1040697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040697"
            },
            {
              "name": "RHSA-2018:1724",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1724"
            },
            {
              "name": "USN-3644-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3644-1/"
            },
            {
              "name": "RHSA-2018:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1723"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
            },
            {
              "name": "RHSA-2018:1201",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1204",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1204"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "RHSA-2018:1722",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1722"
            },
            {
              "name": "RHSA-2018:1974",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1974"
            },
            {
              "name": "RHSA-2018:1721",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1721"
            },
            {
              "name": "USN-3691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3691-1/"
            },
            {
              "name": "RHSA-2018:1202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1202"
            },
            {
              "name": "RHSA-2018:1191",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1191"
            },
            {
              "name": "RHSA-2018:1188",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1188"
            },
            {
              "name": "RHSA-2018:1206",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1206"
            },
            {
              "name": "RHSA-2018:1270",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1270"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2796",
    "datePublished": "2018-04-19T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:29:44.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22795
Vulnerability from cvelistv5
Published
2022-03-28 16:25
Modified
2024-08-03 18:51
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
References
https://www.se.com/ww/en/download/document/SEVD-2021-257-03/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "StruxureWare Data Center Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "lessThan": "V7.8.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-28T16:25:23",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "StruxureWare Data Center Expert",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V7.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22795",
    "datePublished": "2022-03-28T16:25:23",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:51:07.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2663
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:35
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
http://www.securityfocus.com/bid/102662vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0351vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180117-0001/x_refsource_CONFIRM
https://usn.ubuntu.com/3614-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4166vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0095vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4144vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0521vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0115vendor-advisory, x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:1812vendor-advisory, x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usx_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0099vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1463vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0458vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0349vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040203vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3613-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:0100vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:29:42.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102662"
          },
          {
            "name": "RHSA-2018:0351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
          },
          {
            "name": "USN-3614-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3614-1/"
          },
          {
            "name": "DSA-4166",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4166"
          },
          {
            "name": "RHSA-2018:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0095"
          },
          {
            "name": "DSA-4144",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4144"
          },
          {
            "name": "RHSA-2018:0521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0521"
          },
          {
            "name": "RHSA-2018:0352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0352"
          },
          {
            "name": "RHSA-2018:0115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
          },
          {
            "name": "RHSA-2018:1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
          },
          {
            "name": "RHSA-2018:0099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0099"
          },
          {
            "name": "RHSA-2018:1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1463"
          },
          {
            "name": "RHSA-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0458"
          },
          {
            "name": "RHSA-2018:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0349"
          },
          {
            "name": "1040203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040203"
          },
          {
            "name": "USN-3613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3613-1/"
          },
          {
            "name": "RHSA-2018:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0100"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-2663",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:23:53.770237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:35:27.942Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u171"
            },
            {
              "status": "affected",
              "version": "7u161"
            },
            {
              "status": "affected",
              "version": "8u152"
            },
            {
              "status": "affected",
              "version": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "102662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102662"
        },
        {
          "name": "RHSA-2018:0351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
        },
        {
          "name": "USN-3614-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3614-1/"
        },
        {
          "name": "DSA-4166",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4166"
        },
        {
          "name": "RHSA-2018:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0095"
        },
        {
          "name": "DSA-4144",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4144"
        },
        {
          "name": "RHSA-2018:0521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0521"
        },
        {
          "name": "RHSA-2018:0352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0352"
        },
        {
          "name": "RHSA-2018:0115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
        },
        {
          "name": "RHSA-2018:1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
        },
        {
          "name": "RHSA-2018:0099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0099"
        },
        {
          "name": "RHSA-2018:1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1463"
        },
        {
          "name": "RHSA-2018:0458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0458"
        },
        {
          "name": "RHSA-2018:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0349"
        },
        {
          "name": "1040203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040203"
        },
        {
          "name": "USN-3613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3613-1/"
        },
        {
          "name": "RHSA-2018:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-2663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u171"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7u161"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u152"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102662"
            },
            {
              "name": "RHSA-2018:0351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0351"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
            },
            {
              "name": "USN-3614-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3614-1/"
            },
            {
              "name": "DSA-4166",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4166"
            },
            {
              "name": "RHSA-2018:0095",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0095"
            },
            {
              "name": "DSA-4144",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4144"
            },
            {
              "name": "RHSA-2018:0521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0521"
            },
            {
              "name": "RHSA-2018:0352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0352"
            },
            {
              "name": "RHSA-2018:0115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0115"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
            },
            {
              "name": "RHSA-2018:1812",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1812"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
            },
            {
              "name": "RHSA-2018:0099",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0099"
            },
            {
              "name": "RHSA-2018:1463",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1463"
            },
            {
              "name": "RHSA-2018:0458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0458"
            },
            {
              "name": "RHSA-2018:0349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0349"
            },
            {
              "name": "1040203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040203"
            },
            {
              "name": "USN-3613-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3613-1/"
            },
            {
              "name": "RHSA-2018:0100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-2663",
    "datePublished": "2018-01-18T02:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-10-03T20:35:27.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2018-07-10 21:29
Modified
2024-11-21 04:05
Severity ?
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
References
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2019:1946Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2020:0174Third Party Advisory
secure@intel.comhttps://cdrdv2.intel.com/v1/dl/getContent/685359Third Party Advisory
secure@intel.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secure@intel.comhttps://security.netapp.com/advisory/ntap-20180823-0001/Third Party Advisory
secure@intel.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
secure@intel.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
secure@intel.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2390Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1946Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0174Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdrdv2.intel.com/v1/dl/getContent/685359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180823-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
intel atom_c c2308
intel atom_c c2316
intel atom_c c2338
intel atom_c c2350
intel atom_c c2358
intel atom_c c2508
intel atom_c c2516
intel atom_c c2518
intel atom_c c2530
intel atom_c c2538
intel atom_c c2550
intel atom_c c2558
intel atom_c c2718
intel atom_c c2730
intel atom_c c2738
intel atom_c c2750
intel atom_c c2758
intel atom_c c3308
intel atom_c c3338
intel atom_c c3508
intel atom_c c3538
intel atom_c c3558
intel atom_c c3708
intel atom_c c3750
intel atom_c c3758
intel atom_c c3808
intel atom_c c3830
intel atom_c c3850
intel atom_c c3858
intel atom_c c3950
intel atom_c c3955
intel atom_c c3958
intel atom_e e3805
intel atom_e e3815
intel atom_e e3825
intel atom_e e3826
intel atom_e e3827
intel atom_e e3845
intel atom_x3 c3130
intel atom_x3 c3200rk
intel atom_x3 c3205rk
intel atom_x3 c3230rk
intel atom_x3 c3235rk
intel atom_x3 c3265rk
intel atom_x3 c3295rk
intel atom_x3 c3405
intel atom_x3 c3445
intel atom_z z2420
intel atom_z z2460
intel atom_z z2480
intel atom_z z2520
intel atom_z z2560
intel atom_z z2580
intel atom_z z2760
intel atom_z z3460
intel atom_z z3480
intel atom_z z3530
intel atom_z z3560
intel atom_z z3570
intel atom_z z3580
intel atom_z z3590
intel atom_z z3735d
intel atom_z z3735e
intel atom_z z3735f
intel atom_z z3735g
intel atom_z z3736f
intel atom_z z3736g
intel atom_z z3740
intel atom_z z3740d
intel atom_z z3745
intel atom_z z3745d
intel atom_z z3770
intel atom_z z3770d
intel atom_z z3775
intel atom_z z3775d
intel atom_z z3785
intel atom_z z3795
intel celeron_j j1750
intel celeron_j j1800
intel celeron_j j1850
intel celeron_j j1900
intel celeron_j j3060
intel celeron_j j3160
intel celeron_j j3355
intel celeron_j j3455
intel celeron_j j4005
intel celeron_j j4105
intel celeron_n n2805
intel celeron_n n2806
intel celeron_n n2807
intel celeron_n n2808
intel celeron_n n2810
intel celeron_n n2815
intel celeron_n n2820
intel celeron_n n2830
intel celeron_n n2840
intel celeron_n n2910
intel celeron_n n2920
intel celeron_n n2930
intel celeron_n n2940
intel celeron_n n3000
intel celeron_n n3010
intel celeron_n n3050
intel celeron_n n3060
intel celeron_n n3150
intel celeron_n n3160
intel celeron_n n3350
intel celeron_n n3450
intel celeron_n n4000
intel celeron_n n4100
intel core_i3 330e
intel core_i3 330m
intel core_i3 330um
intel core_i3 350m
intel core_i3 370m
intel core_i3 380m
intel core_i3 380um
intel core_i3 390m
intel core_i3 530
intel core_i3 540
intel core_i3 550
intel core_i3 560
intel core_i3 2100
intel core_i3 2100t
intel core_i3 2102
intel core_i3 2105
intel core_i3 2115c
intel core_i3 2120
intel core_i3 2120t
intel core_i3 2125
intel core_i3 2130
intel core_i3 2310e
intel core_i3 2310m
intel core_i3 2312m
intel core_i3 2328m
intel core_i3 2330e
intel core_i3 2330m
intel core_i3 2340ue
intel core_i3 2348m
intel core_i3 2350m
intel core_i3 2357m
intel core_i3 2365m
intel core_i3 2367m
intel core_i3 2370m
intel core_i3 2375m
intel core_i3 2377m
intel core_i3 3110m
intel core_i3 3115c
intel core_i3 3120m
intel core_i3 3120me
intel core_i3 3130m
intel core_i3 3210
intel core_i3 3217u
intel core_i3 3217ue
intel core_i3 3220
intel core_i3 3220t
intel core_i3 3225
intel core_i3 3227u
intel core_i3 3229y
intel core_i3 3240
intel core_i3 3240t
intel core_i3 3245
intel core_i3 3250
intel core_i3 3250t
intel core_i3 4000m
intel core_i3 4005u
intel core_i3 4010u
intel core_i3 4010y
intel core_i3 4012y
intel core_i3 4020y
intel core_i3 4025u
intel core_i3 4030u
intel core_i3 4030y
intel core_i3 4100e
intel core_i3 4100m
intel core_i3 4100u
intel core_i3 4102e
intel core_i3 4110e
intel core_i3 4110m
intel core_i3 4112e
intel core_i3 4120u
intel core_i3 4130
intel core_i3 4130t
intel core_i3 4150
intel core_i3 4150t
intel core_i3 4158u
intel core_i3 4160
intel core_i3 4160t
intel core_i3 4170
intel core_i3 4170t
intel core_i3 4330
intel core_i3 4330t
intel core_i3 4330te
intel core_i3 4340
intel core_i3 4340te
intel core_i3 4350
intel core_i3 4350t
intel core_i3 4360
intel core_i3 4360t
intel core_i3 4370
intel core_i3 4370t
intel core_i3 5005u
intel core_i3 5010u
intel core_i3 5015u
intel core_i3 5020u
intel core_i3 5157u
intel core_i3 6006u
intel core_i3 6098p
intel core_i3 6100
intel core_i3 6100e
intel core_i3 6100h
intel core_i3 6100t
intel core_i3 6100te
intel core_i3 6100u
intel core_i3 6102e
intel core_i3 6157u
intel core_i3 6167u
intel core_i3 6300
intel core_i3 6300t
intel core_i3 6320
intel core_i3 8100
intel core_i3 8350k
intel core_i5 430m
intel core_i5 430um
intel core_i5 450m
intel core_i5 460m
intel core_i5 470um
intel core_i5 480m
intel core_i5 520e
intel core_i5 520m
intel core_i5 520um
intel core_i5 540m
intel core_i5 540um
intel core_i5 560m
intel core_i5 560um
intel core_i5 580m
intel core_i5 650
intel core_i5 655k
intel core_i5 660
intel core_i5 661
intel core_i5 670
intel core_i5 680
intel core_i5 750
intel core_i5 750s
intel core_i5 760
intel core_i5 2300
intel core_i5 2310
intel core_i5 2320
intel core_i5 2380p
intel core_i5 2390t
intel core_i5 2400
intel core_i5 2400s
intel core_i5 2405s
intel core_i5 2410m
intel core_i5 2430m
intel core_i5 2435m
intel core_i5 2450m
intel core_i5 2450p
intel core_i5 2467m
intel core_i5 2500
intel core_i5 2500k
intel core_i5 2500s
intel core_i5 2500t
intel core_i5 2510e
intel core_i5 2515e
intel core_i5 2520m
intel core_i5 2537m
intel core_i5 2540m
intel core_i5 2550k
intel core_i5 2557m
intel core_i5 3210m
intel core_i5 3230m
intel core_i5 3317u
intel core_i5 3320m
intel core_i5 3330
intel core_i5 3330s
intel core_i5 3337u
intel core_i5 3339y
intel core_i5 3340
intel core_i5 3340m
intel core_i5 3340s
intel core_i5 3350p
intel core_i5 3360m
intel core_i5 3380m
intel core_i5 3427u
intel core_i5 3437u
intel core_i5 3439y
intel core_i5 3450
intel core_i5 3450s
intel core_i5 3470
intel core_i5 3470s
intel core_i5 3470t
intel core_i5 3475s
intel core_i5 3550
intel core_i5 3550s
intel core_i5 3570
intel core_i5 3570k
intel core_i5 3570s
intel core_i5 3570t
intel core_i5 3610me
intel core_i5 4200h
intel core_i5 4200m
intel core_i5 4200u
intel core_i5 4200y
intel core_i5 4202y
intel core_i5 4210h
intel core_i5 4210m
intel core_i5 4210u
intel core_i5 4210y
intel core_i5 4220y
intel core_i5 4250u
intel core_i5 4258u
intel core_i5 4260u
intel core_i5 4278u
intel core_i5 4288u
intel core_i5 4300m
intel core_i5 4300u
intel core_i5 4300y
intel core_i5 4302y
intel core_i5 4308u
intel core_i5 4310m
intel core_i5 4310u
intel core_i5 4330m
intel core_i5 4340m
intel core_i5 4350u
intel core_i5 4360u
intel core_i5 4400e
intel core_i5 4402e
intel core_i5 4402ec
intel core_i5 4410e
intel core_i5 4422e
intel core_i5 4430
intel core_i5 4430s
intel core_i5 4440
intel core_i5 4440s
intel core_i5 4460
intel core_i5 4460s
intel core_i5 4460t
intel core_i5 4570
intel core_i5 4570r
intel core_i5 4570s
intel core_i5 4570t
intel core_i5 4570te
intel core_i5 4590
intel core_i5 4590s
intel core_i5 4590t
intel core_i5 4670
intel core_i5 4670k
intel core_i5 4670r
intel core_i5 4670s
intel core_i5 4670t
intel core_i5 4690
intel core_i5 4690k
intel core_i5 4690s
intel core_i5 4690t
intel core_i5 5200u
intel core_i5 5250u
intel core_i5 5257u
intel core_i5 5287u
intel core_i5 5300u
intel core_i5 5350h
intel core_i5 5350u
intel core_i5 5575r
intel core_i5 5675c
intel core_i5 5675r
intel core_i5 6200u
intel core_i5 6260u
intel core_i5 6267u
intel core_i5 6287u
intel core_i5 6300hq
intel core_i5 6300u
intel core_i5 6350hq
intel core_i5 6360u
intel core_i5 6400
intel core_i5 6400t
intel core_i5 6402p
intel core_i5 6440eq
intel core_i5 6440hq
intel core_i5 6442eq
intel core_i5 6500
intel core_i5 6500t
intel core_i5 6500te
intel core_i5 6585r
intel core_i5 6600
intel core_i5 6600k
intel core_i5 6600t
intel core_i5 6685r
intel core_i5 8250u
intel core_i5 8350u
intel core_i5 8400
intel core_i5 8600k
intel core_i7 7y75
intel core_i7 610e
intel core_i7 620le
intel core_i7 620lm
intel core_i7 620m
intel core_i7 620ue
intel core_i7 620um
intel core_i7 640lm
intel core_i7 640m
intel core_i7 640um
intel core_i7 660lm
intel core_i7 660ue
intel core_i7 660um
intel core_i7 680um
intel core_i7 720qm
intel core_i7 740qm
intel core_i7 820qm
intel core_i7 840qm
intel core_i7 860
intel core_i7 860s
intel core_i7 870
intel core_i7 870s
intel core_i7 875k
intel core_i7 880
intel core_i7 920
intel core_i7 920xm
intel core_i7 930
intel core_i7 940
intel core_i7 940xm
intel core_i7 950
intel core_i7 960
intel core_i7 965
intel core_i7 970
intel core_i7 975
intel core_i7 980
intel core_i7 980x
intel core_i7 990x
intel core_i7 2600
intel core_i7 2600k
intel core_i7 2600s
intel core_i7 2610ue
intel core_i7 2617m
intel core_i7 2620m
intel core_i7 2629m
intel core_i7 2630qm
intel core_i7 2635qm
intel core_i7 2637m
intel core_i7 2640m
intel core_i7 2649m
intel core_i7 2655le
intel core_i7 2657m
intel core_i7 2670qm
intel core_i7 2675qm
intel core_i7 2677m
intel core_i7 2700k
intel core_i7 2710qe
intel core_i7 2715qe
intel core_i7 2720qm
intel core_i7 2760qm
intel core_i7 2820qm
intel core_i7 2860qm
intel core_i7 2920xm
intel core_i7 2960xm
intel core_i7 3517u
intel core_i7 3517ue
intel core_i7 3520m
intel core_i7 3537u
intel core_i7 3540m
intel core_i7 3555le
intel core_i7 3610qe
intel core_i7 3610qm
intel core_i7 3612qe
intel core_i7 3612qm
intel core_i7 3615qe
intel core_i7 3615qm
intel core_i7 3630qm
intel core_i7 3632qm
intel core_i7 3635qm
intel core_i7 3667u
intel core_i7 3687u
intel core_i7 3689y
intel core_i7 3720qm
intel core_i7 3740qm
intel core_i7 3770
intel core_i7 3770k
intel core_i7 3770s
intel core_i7 3770t
intel core_i7 3820qm
intel core_i7 3840qm
intel core_i7 4500u
intel core_i7 4510u
intel core_i7 4550u
intel core_i7 4558u
intel core_i7 4578u
intel core_i7 4600m
intel core_i7 4600u
intel core_i7 4610m
intel core_i7 4610y
intel core_i7 4650u
intel core_i7 4700ec
intel core_i7 4700eq
intel core_i7 4700hq
intel core_i7 4700mq
intel core_i7 4702ec
intel core_i7 4702hq
intel core_i7 4702mq
intel core_i7 4710hq
intel core_i7 4710mq
intel core_i7 4712hq
intel core_i7 4712mq
intel core_i7 4720hq
intel core_i7 4722hq
intel core_i7 4750hq
intel core_i7 4760hq
intel core_i7 4765t
intel core_i7 4770
intel core_i7 4770hq
intel core_i7 4770k
intel core_i7 4770r
intel core_i7 4770s
intel core_i7 4770t
intel core_i7 4770te
intel core_i7 4771
intel core_i7 4785t
intel core_i7 4790
intel core_i7 4790k
intel core_i7 4790s
intel core_i7 4790t
intel core_i7 4800mq
intel core_i7 4810mq
intel core_i7 4850hq
intel core_i7 4860hq
intel core_i7 4870hq
intel core_i7 4900mq
intel core_i7 4910mq
intel core_i7 4950hq
intel core_i7 4960hq
intel core_i7 4980hq
intel core_i7 5500u
intel core_i7 5550u
intel core_i7 5557u
intel core_i7 5600u
intel core_i7 5650u
intel core_i7 5700eq
intel core_i7 5700hq
intel core_i7 5750hq
intel core_i7 5775c
intel core_i7 5775r
intel core_i7 5850eq
intel core_i7 5850hq
intel core_i7 5950hq
intel core_i7 7500u
intel core_i7 7560u
intel core_i7 7567u
intel core_i7 7600u
intel core_i7 7660u
intel core_i7 7700
intel core_i7 7700hq
intel core_i7 7700k
intel core_i7 7700t
intel core_i7 7820eq
intel core_i7 7820hk
intel core_i7 7820hq
intel core_i7 7920hq
intel core_i7 8550u
intel core_i7 8650u
intel core_i7 8700
intel core_i7 8700k
intel core_m 5y10
intel core_m 5y10a
intel core_m 5y10c
intel core_m 5y31
intel core_m 5y51
intel core_m 5y70
intel core_m 5y71
intel core_m3 6y30
intel core_m3 7y30
intel core_m3 7y32
intel core_m5 6y54
intel core_m5 6y57
intel core_m7 6y75
intel pentium_j j2850
intel pentium_j j2900
intel pentium_j j3710
intel pentium_j j4205
intel pentium_n n3510
intel pentium_n n3520
intel pentium_n n3530
intel pentium_n n3540
intel pentium_n n3700
intel pentium_n n3710
intel pentium_n n4200
intel xeon e5502
intel xeon e5503
intel xeon e5504
intel xeon e5506
intel xeon e5507
intel xeon e5520
intel xeon e5530
intel xeon e5540
intel xeon e5603
intel xeon e5606
intel xeon e5607
intel xeon e5620
intel xeon e5630
intel xeon e5640
intel xeon e5645
intel xeon e5649
intel xeon e6510
intel xeon e6540
intel xeon e7520
intel xeon e7530
intel xeon e7540
intel xeon ec5509
intel xeon ec5539
intel xeon ec5549
intel xeon l3406
intel xeon l3426
intel xeon l5506
intel xeon l5508
intel xeon l5518
intel xeon l5520
intel xeon l5530
intel xeon l5609
intel xeon l5618
intel xeon l5630
intel xeon l5638
intel xeon l5640
intel xeon l7545
intel xeon l7555
intel xeon lc5518
intel xeon lc5528
intel xeon w3670
intel xeon w3680
intel xeon w3690
intel xeon w5580
intel xeon w5590
intel xeon x3430
intel xeon x3440
intel xeon x3450
intel xeon x3460
intel xeon x3470
intel xeon x3480
intel xeon x5550
intel xeon x5560
intel xeon x5570
intel xeon x5647
intel xeon x5650
intel xeon x5660
intel xeon x5667
intel xeon x5670
intel xeon x5672
intel xeon x5675
intel xeon x5677
intel xeon x5680
intel xeon x5687
intel xeon x5690
intel xeon x6550
intel xeon x7542
intel xeon x7550
intel xeon x7560
intel xeon_bronze_3104 -
intel xeon_bronze_3106 -
intel xeon_e-1105c -
intel xeon_e3 1505m_v6
intel xeon_e3 1515m_v5
intel xeon_e3 1535m_v5
intel xeon_e3 1535m_v6
intel xeon_e3 1545m_v5
intel xeon_e3 1558l_v5
intel xeon_e3 1565l_v5
intel xeon_e3 1575m_v5
intel xeon_e3 1578l_v5
intel xeon_e3 1585_v5
intel xeon_e3 1585l_v5
intel xeon_e3_1105c_v2 -
intel xeon_e3_1125c -
intel xeon_e3_1125c_v2 -
intel xeon_e3_1220 -
intel xeon_e3_1220_v2 -
intel xeon_e3_1220_v3 -
intel xeon_e3_1220_v5 -
intel xeon_e3_1220_v6 -
intel xeon_e3_12201 -
intel xeon_e3_12201_v2 -
intel xeon_e3_1220l_v3 -
intel xeon_e3_1225 -
intel xeon_e3_1225_v2 -
intel xeon_e3_1225_v3 -
intel xeon_e3_1225_v5 -
intel xeon_e3_1225_v6 -
intel xeon_e3_1226_v3 -
intel xeon_e3_1230 -
intel xeon_e3_1230_v2 -
intel xeon_e3_1230_v3 -
intel xeon_e3_1230_v5 -
intel xeon_e3_1230_v6 -
intel xeon_e3_1230l_v3 -
intel xeon_e3_1231_v3 -
intel xeon_e3_1235 -
intel xeon_e3_1235l_v5 -
intel xeon_e3_1240 -
intel xeon_e3_1240_v2 -
intel xeon_e3_1240_v3 -
intel xeon_e3_1240_v5 -
intel xeon_e3_1240_v6 -
intel xeon_e3_1240l_v3 -
intel xeon_e3_1240l_v5 -
intel xeon_e3_1241_v3 -
intel xeon_e3_1245 -
intel xeon_e3_1245_v2 -
intel xeon_e3_1245_v3 -
intel xeon_e3_1245_v5 -
intel xeon_e3_1245_v6 -
intel xeon_e3_1246_v3 -
intel xeon_e3_1258l_v4 -
intel xeon_e3_1260l -
intel xeon_e3_1260l_v5 -
intel xeon_e3_1265l_v2 -
intel xeon_e3_1265l_v3 -
intel xeon_e3_1265l_v4 -
intel xeon_e3_1268l_v3 -
intel xeon_e3_1268l_v5 -
intel xeon_e3_1270 -
intel xeon_e3_1270_v2 -
intel xeon_e3_1270_v3 -
intel xeon_e3_1270_v5 -
intel xeon_e3_1270_v6 -
intel xeon_e3_1271_v3 -
intel xeon_e3_1275 -
intel xeon_e3_1275_v2 -
intel xeon_e3_1275_v3 -
intel xeon_e3_1275_v5 -
intel xeon_e3_1275_v6 -
intel xeon_e3_1275l_v3 -
intel xeon_e3_1276_v3 -
intel xeon_e3_1278l_v4 -
intel xeon_e3_1280 -
intel xeon_e3_1280_v2 -
intel xeon_e3_1280_v3 -
intel xeon_e3_1280_v5 -
intel xeon_e3_1280_v6 -
intel xeon_e3_1281_v3 -
intel xeon_e3_1285_v3 -
intel xeon_e3_1285_v4 -
intel xeon_e3_1285_v6 -
intel xeon_e3_1285l_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e3_1286_v3 -
intel xeon_e3_1286l_v3 -
intel xeon_e3_1290 -
intel xeon_e3_1290_v2 -
intel xeon_e3_1501l_v6 -
intel xeon_e3_1501m_v6 -
intel xeon_e3_1505l_v5 -
intel xeon_e3_1505l_v6 -
intel xeon_e3_1505m_v5 -
intel xeon_e5 2650l_v4
intel xeon_e5 2658
intel xeon_e5 2658_v2
intel xeon_e5 2658_v3
intel xeon_e5 2658_v4
intel xeon_e5 2658a_v3
intel xeon_e5 2660
intel xeon_e5 2660_v2
intel xeon_e5 2660_v3
intel xeon_e5 2660_v4
intel xeon_e5 2665
intel xeon_e5 2667
intel xeon_e5 2667_v2
intel xeon_e5 2667_v3
intel xeon_e5 2667_v4
intel xeon_e5 2670
intel xeon_e5 2670_v2
intel xeon_e5 2670_v3
intel xeon_e5 2680
intel xeon_e5 2680_v2
intel xeon_e5 2680_v3
intel xeon_e5 2680_v4
intel xeon_e5 2683_v3
intel xeon_e5 2683_v4
intel xeon_e5 2687w
intel xeon_e5 2687w_v2
intel xeon_e5 2687w_v3
intel xeon_e5 2687w_v4
intel xeon_e5 2690
intel xeon_e5 2690_v2
intel xeon_e5 2690_v3
intel xeon_e5 2690_v4
intel xeon_e5 2695_v2
intel xeon_e5 2695_v3
intel xeon_e5 2695_v4
intel xeon_e5 2697_v2
intel xeon_e5 2697_v3
intel xeon_e5 2697_v4
intel xeon_e5 2697a_v4
intel xeon_e5 2698_v3
intel xeon_e5 2698_v4
intel xeon_e5 2699_v3
intel xeon_e5 2699_v4
intel xeon_e5 2699a_v4
intel xeon_e5 2699r_v4
intel xeon_e5 4603
intel xeon_e5 4603_v2
intel xeon_e5 4607
intel xeon_e5 4607_v2
intel xeon_e5 4610
intel xeon_e5 4610_v2
intel xeon_e5 4610_v3
intel xeon_e5 4610_v4
intel xeon_e5 4617
intel xeon_e5 4620
intel xeon_e5 4620_v2
intel xeon_e5 4620_v3
intel xeon_e5 4620_v4
intel xeon_e5 4624l_v2
intel xeon_e5 4627_v2
intel xeon_e5 4627_v3
intel xeon_e5 4627_v4
intel xeon_e5 4628l_v4
intel xeon_e5 4640
intel xeon_e5 4640_v2
intel xeon_e5 4640_v3
intel xeon_e5 4640_v4
intel xeon_e5 4648_v3
intel xeon_e5 4650
intel xeon_e5 4650_v2
intel xeon_e5 4650_v3
intel xeon_e5 4650_v4
intel xeon_e5 4650l
intel xeon_e5 4655_v3
intel xeon_e5 4655_v4
intel xeon_e5 4657l_v2
intel xeon_e5 4660_v3
intel xeon_e5 4660_v4
intel xeon_e5 4667_v3
intel xeon_e5 4667_v4
intel xeon_e5 4669_v3
intel xeon_e5 4669_v4
intel xeon_e5_1428l -
intel xeon_e5_1428l_v2 -
intel xeon_e5_1428l_v3 -
intel xeon_e5_1620 -
intel xeon_e5_1620_v2 -
intel xeon_e5_1620_v3 -
intel xeon_e5_1620_v4 -
intel xeon_e5_1630_v3 -
intel xeon_e5_1630_v4 -
intel xeon_e5_1650 -
intel xeon_e5_1650_v2 -
intel xeon_e5_1650_v3 -
intel xeon_e5_1650_v4 -
intel xeon_e5_1660 -
intel xeon_e5_1660_v2 -
intel xeon_e5_1660_v3 -
intel xeon_e5_1660_v4 -
intel xeon_e5_1680_v3 -
intel xeon_e5_1680_v4 -
intel xeon_e5_2403 -
intel xeon_e5_2403_v2 -
intel xeon_e5_2407 -
intel xeon_e5_2407_v2 -
intel xeon_e5_2408l_v3 -
intel xeon_e5_2418l -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2418l_v3 -
intel xeon_e5_2420 -
intel xeon_e5_2420_v2 -
intel xeon_e5_2428l -
intel xeon_e5_2428l_v2 -
intel xeon_e5_2428l_v3 -
intel xeon_e5_2430 -
intel xeon_e5_2430_v2 -
intel xeon_e5_2430l -
intel xeon_e5_2430l_v2 -
intel xeon_e5_2438l_v3 -
intel xeon_e5_2440 -
intel xeon_e5_2440_v2 -
intel xeon_e5_2448l -
intel xeon_e5_2448l_v2 -
intel xeon_e5_2450 -
intel xeon_e5_2450_v2 -
intel xeon_e5_2450l -
intel xeon_e5_2450l_v2 -
intel xeon_e5_2470 -
intel xeon_e5_2470_v2 -
intel xeon_e5_2603 -
intel xeon_e5_2603_v2 -
intel xeon_e5_2603_v3 -
intel xeon_e5_2603_v4 -
intel xeon_e5_2608l_v3 -
intel xeon_e5_2608l_v4 -
intel xeon_e5_2609 -
intel xeon_e5_2609_v2 -
intel xeon_e5_2609_v3 -
intel xeon_e5_2609_v4 -
intel xeon_e5_2618l_v2 -
intel xeon_e5_2618l_v3 -
intel xeon_e5_2618l_v4 -
intel xeon_e5_2620 -
intel xeon_e5_2620_v2 -
intel xeon_e5_2620_v3 -
intel xeon_e5_2620_v4 -
intel xeon_e5_2623_v3 -
intel xeon_e5_2623_v4 -
intel xeon_e5_2628l_v2 -
intel xeon_e5_2628l_v3 -
intel xeon_e5_2628l_v4 -
intel xeon_e5_2630 -
intel xeon_e5_2630_v2 -
intel xeon_e5_2630_v3 -
intel xeon_e5_2630_v4 -
intel xeon_e5_2630l -
intel xeon_e5_2630l_v2 -
intel xeon_e5_2630l_v3 -
intel xeon_e5_2630l_v4 -
intel xeon_e5_2637 -
intel xeon_e5_2637_v2 -
intel xeon_e5_2637_v3 -
intel xeon_e5_2637_v4 -
intel xeon_e5_2640 -
intel xeon_e5_2640_v2 -
intel xeon_e5_2640_v3 -
intel xeon_e5_2640_v4 -
intel xeon_e5_2643 -
intel xeon_e5_2643_v2 -
intel xeon_e5_2643_v3 -
intel xeon_e5_2643_v4 -
intel xeon_e5_2648l -
intel xeon_e5_2648l_v2 -
intel xeon_e5_2648l_v3 -
intel xeon_e5_2648l_v4 -
intel xeon_e5_2650 -
intel xeon_e5_2650_v2 -
intel xeon_e5_2650_v3 -
intel xeon_e5_2650_v4 -
intel xeon_e5_2650l -
intel xeon_e5_2650l_v2 -
intel xeon_e5_2650l_v3 -
intel xeon_e7 2803
intel xeon_e7 2820
intel xeon_e7 2830
intel xeon_e7 2850
intel xeon_e7 2850_v2
intel xeon_e7 2860
intel xeon_e7 2870
intel xeon_e7 2870_v2
intel xeon_e7 2880_v2
intel xeon_e7 2890_v2
intel xeon_e7 4807
intel xeon_e7 4809_v2
intel xeon_e7 4809_v3
intel xeon_e7 4809_v4
intel xeon_e7 4820
intel xeon_e7 4820_v2
intel xeon_e7 4820_v3
intel xeon_e7 4820_v4
intel xeon_e7 4830
intel xeon_e7 4830_v2
intel xeon_e7 4830_v3
intel xeon_e7 4830_v4
intel xeon_e7 4850
intel xeon_e7 4850_v2
intel xeon_e7 4850_v3
intel xeon_e7 4850_v4
intel xeon_e7 4860
intel xeon_e7 4860_v2
intel xeon_e7 4870
intel xeon_e7 4870_v2
intel xeon_e7 4880_v2
intel xeon_e7 4890_v2
intel xeon_e7 8830
intel xeon_e7 8837
intel xeon_e7 8850
intel xeon_e7 8850_v2
intel xeon_e7 8857_v2
intel xeon_e7 8860
intel xeon_e7 8860_v3
intel xeon_e7 8860_v4
intel xeon_e7 8867_v3
intel xeon_e7 8867_v4
intel xeon_e7 8867l
intel xeon_e7 8870
intel xeon_e7 8870_v2
intel xeon_e7 8870_v3
intel xeon_e7 8870_v4
intel xeon_e7 8880_v2
intel xeon_e7 8880_v3
intel xeon_e7 8880_v4
intel xeon_e7 8880l_v2
intel xeon_e7 8880l_v3
intel xeon_e7 8890_v2
intel xeon_e7 8890_v3
intel xeon_e7 8890_v4
intel xeon_e7 8891_v2
intel xeon_e7 8891_v3
intel xeon_e7 8891_v4
intel xeon_e7 8893_v2
intel xeon_e7 8893_v3
intel xeon_e7 8893_v4
intel xeon_e7 8894_v4
intel xeon_gold 5115
intel xeon_gold 5118
intel xeon_gold 5119t
intel xeon_gold 5120
intel xeon_gold 5120t
intel xeon_gold 5122
intel xeon_gold 6126
intel xeon_gold 6126f
intel xeon_gold 6126t
intel xeon_gold 6128
intel xeon_gold 6130
intel xeon_gold 6130f
intel xeon_gold 6130t
intel xeon_gold 6132
intel xeon_gold 6134
intel xeon_gold 6134m
intel xeon_gold 6136
intel xeon_gold 6138
intel xeon_gold 6138f
intel xeon_gold 6138t
intel xeon_gold 6140
intel xeon_gold 6140m
intel xeon_gold 6142
intel xeon_gold 6142f
intel xeon_gold 6142m
intel xeon_gold 6144
intel xeon_gold 6146
intel xeon_gold 6148
intel xeon_gold 6148f
intel xeon_gold 6150
intel xeon_gold 6152
intel xeon_gold 6154
intel xeon_phi 7210
intel xeon_phi 7210f
intel xeon_phi 7230
intel xeon_phi 7230f
intel xeon_phi 7235
intel xeon_phi 7250
intel xeon_phi 7250f
intel xeon_phi 7285
intel xeon_phi 7290
intel xeon_phi 7290f
intel xeon_phi 7295
intel xeon_platinum 8153
intel xeon_platinum 8156
intel xeon_platinum 8158
intel xeon_platinum 8160
intel xeon_platinum 8160f
intel xeon_platinum 8160m
intel xeon_platinum 8160t
intel xeon_platinum 8164
intel xeon_platinum 8168
intel xeon_platinum 8170
intel xeon_platinum 8170m
intel xeon_platinum 8176
intel xeon_platinum 8176f
intel xeon_platinum 8176m
intel xeon_platinum 8180
intel xeon_silver 4108
intel xeon_silver 4109t
intel xeon_silver 4110
intel xeon_silver 4112
intel xeon_silver 4114
intel xeon_silver 4114t
intel xeon_silver 4116
intel xeon_silver 4116t
arm cortex-a 8
arm cortex-a 9
arm cortex-a 12
arm cortex-a 15
arm cortex-a 17
arm cortex-a 57
arm cortex-a 72
arm cortex-a 73
arm cortex-a 75
arm cortex-a 76
arm cortex-r 7
arm cortex-r 8
oracle communications_eagle_application_processor 16.1.0
oracle communications_eagle_application_processor 16.2.0
oracle communications_lsms *
schneider-electric struxureware_data_center_expert 7.6.0
netapp solidfire_element_os_management_node -
redhat enterprise_linux 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
fujitsu m12-1_firmware *
fujitsu m12-1 -
fujitsu m12-2_firmware *
fujitsu m12-2 -
fujitsu m12-2s_firmware *
fujitsu m12-2s -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*",
              "matchCriteriaId": "704FAA50-1B7D-4917-AC4A-4C58785340F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6B95D3-75BD-4826-BFBE-9701CC0FF052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66E31A6-EA01-40C8-8718-CE2C1F45EEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*",
              "matchCriteriaId": "022F2CBE-EFB1-4962-AC91-D25AAB057DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C05CD9-551B-46EE-85F8-D18FF878FE8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C38C609-242E-4923-A81F-DAFBE7B6A927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AC7C56-2205-4121-99E2-001A7488E0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1677313-FF8F-493B-9DA3-C78F87581A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CA4444-5103-4451-8A7C-F6BBE714BBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1EB745-46D7-4088-93C6-E7156520B144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
              "matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
              "matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
              "matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
              "matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAB245C8-9918-41A0-9DFB-A11E4185C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "F752A3C8-18ED-4765-B6EC-C664154EB701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F31C3F-7C0D-4D95-B4B9-89FD38076913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BEEE36E-E735-4A33-80B7-9407D072F6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB3D3DE-21BE-40C7-A510-AC97C92390DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9A9545-38A3-460D-AB1A-8B03BEB405A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*",
              "matchCriteriaId": "1860D932-777D-41F2-94A2-D14AB1494AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*",
              "matchCriteriaId": "75165A10-2FD5-4370-814C-B60FDE339AFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
              "matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
              "matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
              "matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
              "matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
              "matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
              "matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E4461B-72F8-4F3D-A405-4AFA99EC8A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*",
              "matchCriteriaId": "663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAEDED56-9387-4DAC-BF52-C32ECCB7D407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*",
              "matchCriteriaId": "E57A9B28-734B-401D-B24C-A295F364D8E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*",
              "matchCriteriaId": "F02289DF-4A02-4602-89B7-E9148236EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
              "matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
              "matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*",
              "matchCriteriaId": "731F1E65-1D53-443B-8E2F-8AF11191AFA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*",
              "matchCriteriaId": "02A83822-822D-4A4D-B29B-A5BE6367A7DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C32738-F08E-469C-8DE0-2708F30574A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*",
              "matchCriteriaId": "B292187E-8EAD-49D2-B469-B14CA0656035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D131E1-24C1-48CF-B3DD-46B09A718FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABF1231-73CF-4D1B-860C-E76CD26A645E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F88E38-4EC4-41DB-A59D-800997440C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FD6647-4101-4B36-9A9A-F70C29997148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*",
              "matchCriteriaId": "D248D668-A895-43B3-ADEF-1B22EE7DC76E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*",
              "matchCriteriaId": "858411B5-E904-45FA-8B33-5CC73B915B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB9336C-C893-4AB0-9402-868CE9960058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4695F94-7AAE-4219-9EF6-CE6D0838192D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7A0991-73F0-410D-855C-BFC88A66E61F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*",
              "matchCriteriaId": "9858EAC3-C1CE-449B-A605-FFA337DA825D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8F905-A4C6-4EC6-B9E8-800948350B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*",
              "matchCriteriaId": "565B48E3-1406-4E3C-B4A5-35865C5614E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*",
              "matchCriteriaId": "191A094B-E354-4767-AD43-87CE140BF851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*",
              "matchCriteriaId": "238A21CB-F8C5-468B-B523-6D014E2EA8AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC52CDD-614D-4EA0-8DA8-D71189C42E8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4229DB2-8BBC-49F8-87A8-2E7D56EFD310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E91F46-D950-4894-BACF-05A70C7C6F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E12B40B-5221-48A6-B2A6-D44CD5636BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCB77C9-ABE3-44A0-B377-7D7035E8A11F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06639F5-5EE8-44F4-B48A-5694383154DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*",
              "matchCriteriaId": "637C3687-FBCC-41A0-BFE6-823BAE45FB92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*",
              "matchCriteriaId": "2350A197-193F-4B22-80E8-3275C97C78EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*",
              "matchCriteriaId": "734C7A7E-ACCA-4B34-BF38-0FAED988CC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9ABAFC-B3B5-449D-A48E-2E978563EDE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*",
              "matchCriteriaId": "99019EA0-6576-4CE7-B60A-975D418AA917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E846AEF-751D-40AD-84B5-EFDC9CF23E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9DD909-B2AC-46BA-B057-D239D0773CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F5C355-FDFC-4E71-93AA-218389EF10E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A1CA1E-971D-4F67-864E-2E772C1E736B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5F8391-D974-49AC-8550-ADB3FA6C0535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*",
              "matchCriteriaId": "8302BF58-9E54-40DA-BCFE-59CA52C460D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCDE9EF-037B-4650-8131-4D57BE141277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*",
              "matchCriteriaId": "47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8253DA-9A04-40D6-84C1-C682B4023D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF6D175-85C3-4C72-AD9F-31B47EF43154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5FC594-2092-4240-9538-235BBE236DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D95F00-EA89-4FDE-991C-56636B8E0331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4158561F-8270-42D1-91D8-E063CE7F5505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0DEA96-0202-41EB-BDC3-24E2FC4415B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BACE1C-5D66-4FBC-8F86-30215A623A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF707146-0D64-4F3A-AE22-956EA1CB32B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8118C3F9-0853-4E87-9E65-86E1398B2780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A298501-C4D7-48D4-90F9-15AFA59DED48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE1B07B-3D92-4D2D-8667-D902F002277F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F05CB19-1059-4C4D-BFD7-9F51A22A4F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5588732F-7F1A-4C24-B35F-30532107FFDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A127DD5D-426D-4F24-A8C5-DC9DAC94B91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EE0BBD-3982-4B0F-82F6-D58E077C75DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAEEC918-EA25-4B38-B5C3-85899D3EBE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*",
              "matchCriteriaId": "813965F4-3BDA-4478-8E6A-0FD52723B764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5EA2F4-F3EF-4305-B1A1-92F636ED688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*",
              "matchCriteriaId": "04384319-EE8C-45B4-8BDD-414502E7C02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52528CE-4F31-4E5F-8255-E576B20F3043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C3F422-F865-4160-AA24-1DAFAE63729C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D034E7F-4D17-49D7-BDB2-90CB4C709B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C18E6B4-E947-403B-80FB-7095420D482B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2814CC9F-E027-4C5A-93AF-84EA445E6C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A470C3-AAAA-4A6E-B738-FEB69DB78B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1236944-4942-40E4-9BA1-029FEAE94BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*",
              "matchCriteriaId": "086CAB4B-A10A-4165-BC33-33CADCD23C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFB6B30-BFB0-4397-9E16-37D1A772E639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFCB9D7B-7D0A-435D-8499-C16BE09E19FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*",
              "matchCriteriaId": "64277594-9713-436B-8056-542CFA9F4CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*",
              "matchCriteriaId": "589BB170-7CBA-4F28-99E3-9242B62E2918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B9C4D9-DA09-4377-9DCD-225857BD9FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D0265F-840B-45A1-90BD-9ED8846A9F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BAC0EC-2B38-4553-A399-4BD5483C4753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*",
              "matchCriteriaId": "4477EBA6-F0A7-452B-96E8-BA788370CCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*",
              "matchCriteriaId": "1285D817-B5B8-4940-925D-FCDD24810AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*",
              "matchCriteriaId": "D289F7B4-27CD-4433-BB45-06AF98A59B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*",
              "matchCriteriaId": "00168903-6012-4414-87D1-2EE52AA6D78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE8D524-577E-4994-8A4B-D15022C84D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*",
              "matchCriteriaId": "75977B0B-C44D-43BC-8D7A-AF966CDB1901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7F5D52-9F41-49A4-B941-E0D777203FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B5B3FD-5BEA-4DE8-B010-55FED1547167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*",
              "matchCriteriaId": "167B1B04-5823-4038-A019-3975A3B447C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA096E0-5480-47CB-822B-D11D7E20F69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*",
              "matchCriteriaId": "30357469-0B8F-4385-A282-2F50181EA442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE70772-7796-4594-880A-6AAD046E4D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E2F8D-2974-4833-9EC2-233CEE257C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EE3078-454F-48F8-B201-3847DB40D5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE32C500-55C2-41A7-8621-14EBF793BF11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D3DF52-501A-4656-98F1-8DD51D04F31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578301-CF39-4C24-951A-535743E277EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A65F303-96C8-4884-8D6F-F439B86BA30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E046105-9DF5-425F-A97E-16081D54613C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2987BCF-39E6-49B6-8DEE-963A38F12B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD92AD8-033A-4AAD-91E5-CB446CCE9732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E0E73A-F1B4-4E70-B9F1-EE97785B8891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D6E3CC-79B1-4995-9A76-41683C7F254A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE5773D-3CD1-4E63-8983-E0105C46D185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7C307A-6576-4A0A-8F4E-0981C9EE2901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B3A53B-902C-46A5-8CE7-B55102703278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB843479-729A-4E58-8027-0FC586F051AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF5A233-1E77-49FD-AC2C-60D185481E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*",
              "matchCriteriaId": "18519CF2-B0DA-42DD-8A3E-9084298C210A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*",
              "matchCriteriaId": "329D5FCF-7EC5-4471-906B-3619A180BD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD43EAA-F3A5-4748-9187-A6E6707ACD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F3C14D-4BFC-4205-8781-95E6B28C83C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*",
              "matchCriteriaId": "20942AD8-ADB7-4A50-BDBE-DB36249F4F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC6ED02-134B-4322-AB72-75A0AB22701E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA74EEE-54CC-4F80-B1D3-99F7771335ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B859F7-0373-4ADD-92B3-0FAB42FCF23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC76F31-00A5-4719-AA50-92F773919B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
              "matchCriteriaId": "49996F5A-51B2-4D4E-AE04-E98E093A76CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F8406B0-D1E5-4633-B17E-53DC99FE7622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D49435C-7C33-454B-9F43-9C10F28A28A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17E1A0F-1150-4899-81BC-BE84E4EF5FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADD98AE-BAB0-440D-AB9F-2D76BE5109E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED44A404-8548-4EDC-8928-4094D05A6A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AAD8F0-0D31-4806-8A88-A30E5BE43630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8164EE5F-6ABA-4365-8718-2F98C2E57A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7110AF9-A407-4EE2-9C46-E5F1E3638E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A06696D-37F0-427D-BFC5-1606E7441C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A76015-0A05-4EC7-B136-DC13B55D881F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
              "matchCriteriaId": "C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*",
              "matchCriteriaId": "54464F6C-9B2D-46BA-AC44-506389F3EE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA11017-EA58-45EE-8408-FCCCF7183643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*",
              "matchCriteriaId": "442AD778-D56F-4C30-BBF8-749D6AAC4737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF7D3F31-AF4D-4C50-8590-A763AAC7AF07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*",
              "matchCriteriaId": "445BFC2E-38FA-4130-8550-0866EC4EDA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DC2746-CE41-40C9-8CFA-23231BBCAE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3A8976-5E4D-490A-A87D-A47D1B2B903C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8535E6-220E-4747-8992-45B6EAFC555C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7479B49-F484-4DF2-86CB-E52EE89FA238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D68512-746D-4E95-857B-13A0B6313C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4312BA84-F9A0-4BD4-8438-058E1E7D6C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E52DF5-C713-4BC4-B587-FF6BDA8509CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*",
              "matchCriteriaId": "304ADCAC-9E49-42BD-BC92-58D9B2AD52E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB02172-B9A7-4801-88F2-98BF5843184A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*",
              "matchCriteriaId": "5141380E-BD18-47C1-A84C-384BA821773D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE6C49E-2359-4E44-9979-7D34F8460E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*",
              "matchCriteriaId": "C004B75F-37AF-4E61-98F3-1B09A7062DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7126D19-C6D9-43CB-8809-647B1A20E7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CC98503-A80A-4114-8BF2-E016659BE84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3821412D-B010-49C4-A7B4-6C5FB6C603B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD5B51A-AEA0-4DA2-BA60-94A2D5605352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96C6CA0-434D-428F-B629-A971C2937628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*",
              "matchCriteriaId": "301AB72A-A6F2-42C8-A931-94EF2271443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59414B5A-05B8-49AF-A197-2A31729DDB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFDD380-692F-41D7-996F-F97FC74DC7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602828-2BFC-4571-9F05-6210FD263DF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*",
              "matchCriteriaId": "87E03978-E16D-4A9B-8AE7-9F4F1171C14A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*",
              "matchCriteriaId": "03096A9A-5758-47E6-81E2-BCFE847C41F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CC865-7975-45EC-BFF7-A94146442BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8FA1308-589B-432B-80F9-9A499D083ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED2453E-30E1-4620-BEC5-21B0083449E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE8DD05-D700-4F89-9B01-D489029DF7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*",
              "matchCriteriaId": "050957CA-6191-4F9F-9D07-48B342B3B1B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*",
              "matchCriteriaId": "DACBF998-8B11-45C7-9017-486AED4FAE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F2F3C4-FC94-414A-A208-913A43D57D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*",
              "matchCriteriaId": "641152EC-F4B4-4E5E-B396-AC4CAAB805BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*",
              "matchCriteriaId": "4911E332-B8BA-4336-A448-3F70D2BBB147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*",
              "matchCriteriaId": "330EC403-3174-4543-9BBE-CEC0ABC1575D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF585D0-507E-491E-9C3B-78EE26F2F070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5D885A-85C4-4A11-B061-61EFF6B6E329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502B59F-933C-4E25-A2EC-9296B197E139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D9C0A9-2DFF-4760-8FED-AC2DA7968E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A1BAEC-18BF-4607-BFB7-48102E75186A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49ED138-F42D-4451-A350-0B2DD5AB9444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED91472-90FC-4AC8-96D5-1550A8502411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*",
              "matchCriteriaId": "2784E2AF-A5E5-4960-830C-B3EFB84043D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*",
              "matchCriteriaId": "9112FA50-5527-4B20-80F5-2DE9E66D09F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CE4E2E-B2BF-409E-B18C-D67DA810FE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B84D67-0B1D-4B74-BC85-AF8F933D8429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA05A18-1523-4EED-9D2E-0A258A33F24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34E70EB-92F0-43F6-8883-FE422BE1A3FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D301F1-20C2-4756-9A90-37F14835CE14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA63B803-4D48-42E8-A793-F92ABCB8BFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*",
              "matchCriteriaId": "129DB9CB-E878-4856-A954-15FFE1428636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*",
              "matchCriteriaId": "730DB4AA-FD7D-40C6-8D7F-19937832EF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E86978-4820-422A-8C7C-FF0697DAED05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF813AD9-D296-4915-861C-8DE929E45FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A65469-083F-40B5-86C5-A2EAE5B2F00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1AA82E-BD86-40F5-B417-71DF6AF53A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A6DB0-5EB0-4712-8480-CF427F521D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*",
              "matchCriteriaId": "8223D5A1-ADF1-43C6-AF91-EE5C413BCB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD69605-F52B-4623-921A-983A5A408ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D5685F-6FFE-4A6A-9FF8-940C8DA36499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*",
              "matchCriteriaId": "B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "3832D0A6-419D-4876-B5C4-920578F713F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*",
              "matchCriteriaId": "404E38E6-9EB3-41D0-97A7-DC579688BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E4A921-AB28-47B7-B5A3-EB82193D15BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0357E48-2300-47B4-B9E5-9FE813A2FC09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CC28B6-57D1-4919-AA55-A262CC16AFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB4C54D-1265-425A-B507-E1099844875A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "97362147-3A71-430D-9064-4435D45C3B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*",
              "matchCriteriaId": "89212CF3-4E99-4389-94CE-F4211DDCA01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*",
              "matchCriteriaId": "611C0A0A-1FA3-42F9-82E8-BFCB71A077DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F027D9-DCB4-4A3D-8987-41F2941DBD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23BCEC9-2BFB-4B41-9A7A-18B1347C6202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*",
              "matchCriteriaId": "4924CE39-A846-4DB4-9547-6322FC5AD6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C9E2C9A-94A1-456B-90D5-54932DF64C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC04C652-B2D8-4002-A50E-8AFE83204A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D413F0-CDBC-4A63-B9A7-9E7725BA1E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A8826-59F7-4A71-B74B-737BE9C7DE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB6BDA-6825-489B-AB39-7729BA45DFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7913F57E-E600-4767-AF51-D045E1898E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3783F4-5A05-45AA-9791-A681011FD78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E3114D-31D2-4DBF-A664-F4049D8B6266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EE6578-981D-470C-BB24-4960B3CB1478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE59839-8EB9-47FE-88E2-F0D54BE787A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*",
              "matchCriteriaId": "75694A3D-080A-4AA7-97DF-5A5833C9D9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E996176-3DEA-46E6-93B7-9C0DF32B59D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4417007D-126A-478B-87EA-039D088A4515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F78C2825-F6A3-4188-9D25-59EAEC8A7B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2FA85D-B117-410D-B247-8C5A3479319A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A041D27-132C-4B15-976F-1750C039A89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D495E06-BF2B-4C5A-881D-94C93CD2BA2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*",
              "matchCriteriaId": "088BC395-06D5-4156-85EB-63C4A9552898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A220A2-A6D2-46A7-B168-607400EEDCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E79232F-7196-440B-82D4-165885251232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED866954-77AB-4CA8-8AED-4252C595FC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A1F516-B180-45D4-8EB1-754B7497CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*",
              "matchCriteriaId": "36758A04-64D3-4150-A004-CF042FA31CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E01752E-F1DD-400A-A917-216CAF15B0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD47EC58-F776-4F59-8F15-4B208904CF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*",
              "matchCriteriaId": "94565E35-8A58-4CB6-A489-C796DCB97FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*",
              "matchCriteriaId": "49964D35-5323-4412-BD54-661630F9A8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F66468-87D0-41FC-934B-5924BE2956CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C0D99E-443E-4AB1-A07A-900A09FE177E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9DAEE52-09C3-4A09-9958-9D6807B2700B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97690D4-E814-4D40-B170-BE56D7AE2C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*",
              "matchCriteriaId": "89804F2C-D32D-4444-ABEA-5B241153D096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AAAAF9C-B29B-4020-BAFF-C87B1A08294A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C27B318-2AC1-423D-B0C8-583BB1800D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E58E3D0-1154-4B13-BA16-67CE67DF0637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D2ACB3-B906-4944-A021-03C4645965BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E1A41BA-A1D6-484A-BAD2-68DF85598354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "11260C9D-69A9-4D81-9CCF-2E116DD75F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C020F06-FD27-46E3-A48F-3F60F33BB969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C74F10-6A7F-4F68-8A34-E981E1760DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "24741B98-8D0E-4307-AAEF-A14B2531DCA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4FA4BA-4304-4A70-9F86-120F2A3D8148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "367FC8BA-F046-4264-A049-49E933E7698F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE9B68D3-1DFB-4468-85C4-AC13E6CBC111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C966A016-B650-44D9-B8C4-1ED50AB318DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC448FF0-6D3F-4609-864B-4191905EE2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC246FE-4CA6-4B2D-83C3-D50A386C24A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
              "matchCriteriaId": "758A14DB-1BAF-442A-BA7C-5E9C67847BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
              "matchCriteriaId": "61309100-CFA7-4607-A236-8910838AA057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D76265-7BD0-4C51-AE77-22B22524DE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE38B195-BB8D-4747-881D-E8033760B4C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA8BE76-168D-48A3-8DF6-E91F44600408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B656975-5D71-4712-9820-BDB7BC248AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA045267-114D-4587-B6D7-E273C28DC9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
              "matchCriteriaId": "77018415-E122-406E-896D-1BC6CF790BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E1C012-3E05-44DB-B6D2-BFD619C034B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D689D6-8594-42F2-8EEF-DCAEBA885A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6446000-0494-4DC5-ABAA-F20A44546068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B94EEC-6690-45D0-B086-F4A5B25C25CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
              "matchCriteriaId": "832AB3CD-E3A1-4CCB-A210-287973563D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A26C0CC-68AD-40F5-96B8-87E6C643F6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C4221A-9994-43B3-9C7A-E13815A50A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
              "matchCriteriaId": "20070B1D-B91C-40BA-A9D8-E80170A2933F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70129C9-371F-4542-A388-C095869E593A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4DE25F-168A-4C67-8B66-09F61F072BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "58157F24-D89E-4552-8CE6-2F01E98BD1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "45ACBBEA-EC95-4F3E-B585-893DB6D21A0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A5EC79-1B21-4BB3-8791-73507BC8D4DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0387587-AAB6-4284-8516-4DA3E3582D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A238C975-9196-449F-9C15-ABB2E9FD1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F17F4A5-120B-4E00-97C8-8A85841ACBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*",
              "matchCriteriaId": "2537F047-64C9-4E73-B82C-310253184183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A55857C-649D-46CE-AEDA-6E553E554FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA4892D-AFDF-4441-821E-5EBF7F64C9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*",
              "matchCriteriaId": "327E06A3-7F0E-4498-8811-10C8D15398FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "1624E6D6-858E-4085-B0B9-362B819EFD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D61F4A-40F0-477C-8326-7359D3626E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*",
              "matchCriteriaId": "1455B4DE-7F1C-4CF2-AE02-2EDD20025D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B215788-860B-46CD-9A08-43AFF98FAEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4EB132B-000C-4A17-AFB3-19F40A73D2CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4815AE-B635-4545-83C2-5EC4E0128337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0046C06-E3E6-4674-A4D1-332DD29D9552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C191851-3DC3-41C7-AD89-81F091CCC83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*",
              "matchCriteriaId": "21126922-8E81-47F4-82D4-CBCDDACEC4FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*",
              "matchCriteriaId": "209E18B0-BBB5-4C65-B336-44340F7740DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C867C0B8-91A4-482A-B7DD-54AB9599AE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F03843-8A51-4CE1-BE6C-994BDE3A8F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*",
              "matchCriteriaId": "09854948-2657-4261-A32A-0523058F072E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*",
              "matchCriteriaId": "D13904A5-266D-481C-A42A-734C3823A238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC82FCB-0541-45C4-8B7E-CB612D7F702A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "501E9355-0CDD-4951-BCC3-47962788BCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D976D9-62F0-43C3-8359-E51E26B6CD87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*",
              "matchCriteriaId": "02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*",
              "matchCriteriaId": "64ADE9AF-196F-4E0B-BC66-7DE0183F9032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90CCA48-1705-4564-AAF9-271201BD5113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B82BAFF-17F5-465C-8032-67D5ECAB2921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*",
              "matchCriteriaId": "F831371E-7437-48D7-8281-1F406215041B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4F06B5-615A-464A-A0C4-7AABEE8530CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*",
              "matchCriteriaId": "92AF503A-A2B1-4FC3-858B-264049ADF0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702C7EC-B1D9-4BDF-B334-2004CD76B52B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39F31D6-DC4B-46FE-BE5D-EA612D915A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CB8036-5F36-4CD4-9B3E-D2401F2E64F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9849BA3-3990-4E30-B99B-ADD043314CDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A22E92-1EA7-45D9-AC86-EC3D9664C294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FA2911-6561-47BF-BEE8-DDA31642C346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F829DED-4D92-401A-BD80-C070DE57FC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F560575C-FD8E-485D-B50A-572604BBE903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A38D00A-B9DC-44DF-8247-70355FF9A6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "381EFC43-D5D9-4D10-90BE-4C333A9BA074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBEDED18-2755-4C55-A1A1-04B4D5F40276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04B57EC-0731-40C8-939F-1C686A65A0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE1D28F9-B135-441B-A9BF-792DD356E374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D01CE3E-5C89-4FC0-9097-CAC483ACD441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F52334F-BE6A-4FD4-9F63-AE9BB017115B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "707F6671-57AC-4DF4-8024-444502E5C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1FCE07-F9E8-4B14-95CE-01784D472128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*",
              "matchCriteriaId": "C208711F-FC06-46C8-8849-27054DC1B264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AB8041-F201-4BB3-AAD9-199B06697DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75C474C-D5EF-42D6-9B2A-A504BEFCB982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F566CD3-3649-492B-B0AB-A107E51675B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F3D74-AE72-4FC5-83E9-890781AF3093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69918C6-7AAD-4AA5-AB72-C275367B1008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "06155B0B-A5AD-4A82-8C02-D264981687A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C19A4-FA26-432A-9443-9F92B2A946EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BEE9BE-E49A-489B-B333-95D0993F8FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "7427A678-EC47-4030-B905-619DD95F5A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "86749716-1C9F-4C2A-B2A7-E62DEC10EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD000B53-06DA-4ED4-B0EE-9CB201B75C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8424463-C329-4BAA-8AA1-25CD8B63292E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*",
              "matchCriteriaId": "52727E62-0048-4C56-BC8C-B3450D257B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA34B50-2330-4D77-BF1A-6F05F3EF222C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6421F69-1076-43D2-B273-DE80FB2D5F72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E611EDD-D44C-4311-B681-431D7C574528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1886D007-85B6-4E5A-968D-A1FD476A08A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDDCB65-4404-49BC-9515-ECECD58A667F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3E00-64C3-407A-9B00-8B6E383F73FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1B00A1-9C15-47C2-9F57-66586DEACC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5BF932-459F-4DD2-B160-5FE0371C7D83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58ACE96-F1BE-4261-8F94-FC3C6E7C7561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*",
              "matchCriteriaId": "783D6EA7-C016-4314-A87B-4FED1DC7114B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD0176F-FFAE-4A85-9327-CE72FE059E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D4CE1F-86C8-4E48-9146-9DB57BF540FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7F9D65-5537-4C25-B02B-2393F60D1299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09C8A92-820D-4572-A797-180E17A7DEB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7D77A2-0D9A-4D0D-B0DC-152757917BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07D3F1A-16CE-461F-A2F4-80FE5F841CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C04557A-C508-4FAD-A535-1C0AEFF08075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFAE489-6679-4705-BF9C-BB6D385A1DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "429A99C8-BC55-4887-893C-7124C1A5DB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A2B709-CC19-4116-A5BE-5DB5C8B45A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1F1377-6220-43FB-BEF9-BAA7B0158147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "18422CA8-3000-46B1-9065-2369E6B0BE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D558C66-E80E-4FC7-A0DF-485466390C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "860F22F6-4C87-47C5-965E-02A1AFF41A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A2CA86-BFA8-4C78-987D-AD26F32622F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "425F6D34-EE60-464B-8EA6-8116EDAA1219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB9F657-1239-4424-A2E8-F8BD98C0095E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*",
              "matchCriteriaId": "F631403C-0A67-42CB-815C-133EB87E0C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "0453C0EA-BA67-49D5-964F-35493F97D905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D237E-ACB7-4382-AF5B-D27E634BF867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5461EB2-2958-4923-86AF-C74D449120B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C22141-E698-4E38-AF50-9CE04C1168FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D0E470-427D-4A68-AFD2-982A4F7CE2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*",
              "matchCriteriaId": "713C4B7A-C38A-4818-A258-D07DEDEC906E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59740BE-FC30-4400-B978-1DB41282971C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*",
              "matchCriteriaId": "839728F0-5F23-462F-B493-C37EE4C874F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1B47DA-BA53-4D7A-9B5B-582238D5E99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D452F1BF-1FA5-463C-8F13-6357509FB5D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6D1F4C-B396-468C-BA32-9367A68C95DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76A812F-D77A-49C8-B7A5-0C08258D4BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E001AAB-07EC-47BF-BDE9-BB927872781D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF11F5-61E8-4A98-86C8-49D6B3224FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D024802A-EA60-4D9B-B04C-027A0703EABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA731F3C-1F04-4EE2-83EC-9486F5032903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "544A59F6-E731-43C8-8455-69256933E71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "624258EE-7FFF-4432-9B6D-4D60AA73CD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A2701A-35A8-4268-B9CF-40BA3219373B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E671F6-8DED-4735-BE97-58A60E5B5C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC68B2A-8570-4311-BB60-49DBBDAF7430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9826FA02-937E-4323-B9D5-8AE059ADBE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8630BB-48AA-4688-A6F0-212C1BB4D14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "326105AC-3926-437E-8AFF-916960107050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "866E1275-7541-4B80-8FDF-53246A204C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "E190929D-D3CC-46E1-A903-0848829061DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E4EBCB-B660-4F6A-AD73-81B9D8964162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D58CC5-CB46-464D-93B8-6AD5A19AF097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "16541D3E-EBBD-4D92-96D8-F169733377AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F08D257-F570-4D39-A6E8-0F60E55472E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "C20ED667-2BFB-41C7-82BA-9F0C0044DA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6158ED8A-007E-48B7-99BF-8BA03BF584BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA7096A-F321-49A0-911A-F9683ABE6E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A471395-7F8F-4BA5-962D-4D8F271FAB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9484380-92B9-44DB-8E20-DC8DE02D1CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8010808D-805D-4CA3-9EA2-55EB1E57964C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
              "matchCriteriaId": "9716FE9F-A056-42A3-A241-F2FE37A6386A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73422A3-ECA0-4C41-9AA5-CF7D77885CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A96A5AF-C9EF-4DED-AE25-4540A2B02915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5115B12-053A-4866-A833-D6EC88D8F93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5619D4D-9685-4595-8A5F-A18273FE4213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77E00E7-0EA4-4E32-A693-0E0F66BA4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA3457E-7E1A-4878-9752-79382E954A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "68630C63-4457-4E12-B7BD-AD456B237FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FB5695-2950-4CEC-81B4-FD280F835330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F340AF8-508F-449D-9AFA-4E55F069B4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
              "matchCriteriaId": "E944410E-D674-4141-B50C-9F55090325FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6438E07-0AC0-4BF9-B0F2-9072CA9639D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5079AA70-C864-4AE2-809C-52B50632F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A86291B-C986-4320-BCEF-9F5AD8B309D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227659F-1393-4189-978B-CC3DC53BF407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2DB843-638F-41EF-B486-409318AA2DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0004D8A-A186-4DA2-A7AB-18A6456438FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B6BE9F-F113-4976-951D-53F2E183A95A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB005F1-9719-4985-B9D9-2140C962ADD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94D0C1B-F30F-4724-915E-192C53FAE58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F247860-1D2C-415C-AFBD-26BD875AAF02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9697EDCD-A742-4AC6-876E-1080AD684207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73924A-875B-44D0-8F7C-A822B0488126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*",
              "matchCriteriaId": "03751B92-EE07-4F16-A476-BD25561810BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A630E1-6CAE-4809-AB18-5002F158AE90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67750FF-EF4B-414F-8ED4-299CAF33B0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A82D885-82F5-4755-BC11-5899E28CEE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FD75301-E29C-47DC-B53F-DC44EA0C1885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C944024-BEAA-43AF-A339-FD69C75E8240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "435C69D1-3932-4379-8D18-B1E12D558325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*",
              "matchCriteriaId": "3572B700-73C0-41D1-95FD-FE9D5B0C1F80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A40DC9-0D4E-4C91-8D1B-3CED95B3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FB3E4B-05F8-411A-8C86-4ACE03815553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E55EBC1-6F96-47CD-9503-7855EFB07240",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*",
              "matchCriteriaId": "4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1789924-FADB-4076-8874-120B29EE6B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC246667-2F6F-4024-9EAA-2CE3018235C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "1341A5D4-A5CE-4D31-A178-01C3069D7A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A5C199-92E5-435C-AC40-175849285104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*",
              "matchCriteriaId": "67589F54-0A54-4DE7-9A47-A73DD05F7965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5DC8C-3318-440B-8B29-4827F343927B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECC47D8-F602-4CEA-B19A-209CE76C9D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*",
              "matchCriteriaId": "7514ADD3-DECC-4CC2-9421-A609E526FDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*",
              "matchCriteriaId": "691097C3-F91B-499B-BAEB-4E7E9C43B517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3DB1ED-017B-43EF-92A3-A8A88669FBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A49AAF-0F08-4151-8F74-4EF9C3415B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7A2018-BB4D-4DC1-813D-A4AA3F270893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95D91C4-C539-4458-A6C9-8AE17207AE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F9D218-8198-42C7-88FE-7C5382138324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8FDD81-95EE-4241-93C8-925085A4CE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*",
              "matchCriteriaId": "614D9E35-10E0-4CCB-B817-C7C8C3947BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75F987E-F4DB-46FF-B048-21B4A4C07B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*",
              "matchCriteriaId": "05376F2C-30B6-406D-90F7-6C2E00E85171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDD3DF6-24BF-4C13-8F07-AF07327E5622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1520A64-2157-45D7-A135-F900798C4EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "05A30F85-5367-4369-B7A5-176D71279FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8803FF9-48D7-4AB0-8A17-4590CABD0BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DC63B6B-5D6D-477B-9125-007F835981B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF385AC9-963E-4670-95A6-BE1EBC3890B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "943FA088-2902-45A9-A1BA-D612B46A50D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C80902D-9A6C-47D4-B56F-35C378FC0E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*",
              "matchCriteriaId": "1100B46C-8485-4048-BFF8-2BAB311EC04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9E1646-E154-41BA-B9FA-0839A898023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F4C8E6-0043-41A8-94EA-EEBAA1A081E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C10985-CBF7-4717-A7D6-2594887D7CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C49886C-B6A0-4D95-8533-329FE5A66F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*",
              "matchCriteriaId": "0788CF23-3FAF-44C9-9AAA-96E4818A1AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AF7001-64D1-4BFB-9280-0BA0FAD97A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6E420E-16DA-4FB1-9968-C93E229614FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*",
              "matchCriteriaId": "07469E04-B3D2-41FE-A2E4-E25A977026CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*",
              "matchCriteriaId": "60FF402E-5E4F-414A-A3AB-149548303616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E2B875-A270-45C0-A1B1-041264E5B290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C828C8C-7ECB-4167-87A9-0F522C400C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2C887F-1EF7-468A-A6AE-440793C78DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F3D7F-D884-4ACD-A103-060F57A9867B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1FCAAD-7072-45EC-9ACB-08556458BAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4446224-40E8-4AD0-8197-921D3473E19B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B68FD-771A-4401-8B1D-B1A252356F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B933941-0BE3-4EEB-8FDD-2DAA63343EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F737C1-6011-42D2-9690-CA81EA0A283C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CA7EB6-D1C9-48D9-A69A-2618800A6CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C909B0-8FB2-4220-AF93-EECB8D650CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF36BAD0-A762-4F84-BE0B-060FE666ED67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*",
              "matchCriteriaId": "007337CD-94FB-4ED9-B4A3-9E0EC52D79B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDFA137-F1FC-46BD-9872-D62671B1434D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6DBCB3-E912-43A1-914B-5C7CCFAADE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C67312-E128-4833-A91E-D7A9F96A7AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F19F408-FABD-4A68-8CDC-C763F0321FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A06EC2-E491-4CD5-9904-61A88EBB7FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*",
              "matchCriteriaId": "789A8CAE-8D9E-4244-880D-FBE28EC53AED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*",
              "matchCriteriaId": "F901EE11-D0C9-46F6-8316-D8F4F1D50260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*",
              "matchCriteriaId": "E549F600-B9CE-4843-A772-2DACC528903E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F28E733-87ED-4610-A8EE-BD37BED7685B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB488DD-D97C-4E21-A055-E6CECBBBC34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC12C97-9966-40E2-8B23-B4453EC9EA6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F98247B-1839-4676-855B-827A4B6C016B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CEEEE2-D6A2-4342-8A73-934093948824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86616FE-0C3F-4984-A364-8A6A9F01DAD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
              "matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
              "matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
              "matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
              "matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
              "matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44B3BFF-649A-4C1E-9564-EFA007FA2BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04EDD71-15B3-4085-828C-BB7A43DBDCC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1BA7AC-989B-4093-841A-C6D5978BF17F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F848-B15B-4369-A164-5FA11D2B9AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E46F934-9765-43ED-88A7-A4778C99A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*",
              "matchCriteriaId": "380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D5217E-9520-4FDB-9330-C8DC2CDDAA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*",
              "matchCriteriaId": "B206674F-1A34-470B-820C-05F9C37792CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*",
              "matchCriteriaId": "63AE2051-9F8E-4477-8E1E-38A1E06AD247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B39281F-990C-4AA3-9287-CCB5BA7E8AC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EDC0FCF-BD22-42AD-8044-9A64215B91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0ED8AA-56D8-4CB6-A765-706BE87C9E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA890C07-7940-4DF4-96FB-8F71A2EFE5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95A34F0-0B74-4031-BC9E-CBC93665BE68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB22DF7-15CE-4340-A05F-BD39FCA41F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA72DC8-2E4E-453A-A3FB-20F31D32B973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*",
              "matchCriteriaId": "758E45B6-7C7A-432D-891D-CB99077AE3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D7A401-BCE1-4673-93C9-67F009B75A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E62119B-2A65-4473-B570-F118614B0ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5319E0-909C-4688-AAA6-6A0B5D19FFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F83F9F9-D2DB-4D40-AD61-29E66B050B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BE6238-312E-4CF7-9E74-48CB5603B0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*",
              "matchCriteriaId": "33BA1BE0-0A78-4E94-A619-35735C913180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CA40FE-80C5-4A20-8219-CEF51F3162FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10305C5-0C2C-48B7-A0AD-2B24AD722EBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E8F127-6EAE-4302-BD52-7C3FCCA307D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D675EA9-33E7-45ED-B6A9-7117AD2FEE26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E468FE-73BE-4B20-B774-58EC7CD20CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF6B19B-7D45-44B3-8524-407253B93EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B803FAD-E54D-49FE-A078-029B8FFBBB98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC511505-ED67-45B4-B76C-56AB750C4408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*",
              "matchCriteriaId": "A430C232-79EB-4264-AE24-41D4A2A5D990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A9E3D4B-A3DF-4858-8C64-0316B6E57435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*",
              "matchCriteriaId": "19108672-E1AA-41CC-B86C-061D3721C8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*",
              "matchCriteriaId": "200D36CF-AEDE-4183-8C54-748E6E5A3218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF13A44-5163-4282-8EE8-7DC05499B5E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*",
              "matchCriteriaId": "827C12CE-D87D-489D-ABA7-BE0405EC33D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AA78F7-520B-4FFC-838C-DC74FEE8E13F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
              "matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
              "matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
              "matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
              "matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
              "matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E27011-7CEB-423B-A122-A0BFE563E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51E86F5-8F94-4E7C-9A63-DAA3FCBE0438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F2840B8-0E47-4003-9168-4AF94D7AB146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1221FB4F-488A-4A52-8788-82ECBF92113B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
              "matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:73:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B2B122-34A9-4534-A996-8FEAACA71A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*",
              "matchCriteriaId": "C850453B-CDB1-490D-B551-9AC0B27D8A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E46D6A37-5E4F-4DC0-BA02-6C9994FE1178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-r:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "01849B7E-AA70-4301-AECB-81167DC03675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-r:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "37960E0A-0D5B-4847-BD9C-E34C99FE7AAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:16.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0B6815-6F8F-422D-8A9C-2C22691787FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:16.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63EF130-191C-47A1-9D54-0AB3159EB303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F361FE13-CB9B-4BBA-AB61-6EE2C5E9A6E5",
              "versionEndIncluding": "13.3",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8263DD50-D5F0-42BC-810E-A27155655154",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD8D649-8F3E-4B22-912C-FE94CDC88A67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "484B376F-23DA-4477-BFF5-174B9542E2DD",
              "versionEndExcluding": "xcp3090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2BDE31B-87D6-4DB8-BF36-AF35F5583A1D",
              "versionEndExcluding": "xcp3090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4507F493-1DA5-4F08-9D03-07E8961378B0",
              "versionEndExcluding": "xcp3090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
    },
    {
      "lang": "es",
      "value": "Los sistemas con microprocesadores que emplean la ejecuci\u00f3n especulativa y la predicci\u00f3n de ramas podr\u00eda permitir la divulgaci\u00f3n no autorizada de informaci\u00f3n a un atacante con acceso de usuario local mediante un desbordamiento de b\u00fafer especulativo y el an\u00e1lisis de canal lateral."
    }
  ],
  "id": "CVE-2018-3693",
  "lastModified": "2024-11-21T04:05:53.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-10T21:29:01.340",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2384"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2390"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2395"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1946"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0174"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-23 13:29
Modified
2024-11-21 03:59
Severity ?
4.8 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
secalert@redhat.comhttp://seclists.org/oss-sec/2018/q2/122Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/104214Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1041057Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1700Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1777Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1820Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:2267Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:2268Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:1944
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlThird Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3658-1/Third Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3658-2/Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2018/dsa-4208Third Party Advisory
secalert@redhat.comhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2018/q2/122Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104214Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041057Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1700Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1777Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1820Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1944
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3658-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3658-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4208Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtExploit, Third Party Advisory
Impacted products
Vendor Product Version
procps-ng_project procps-ng *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server 7.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_workstation 7.0
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B",
              "versionEndExcluding": "3.3.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124."
    },
    {
      "lang": "es",
      "value": "procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un tama\u00f1o de entero incorrecto en proc/alloc.* que conduce a problemas de truncado/desbordamiento de enteros. Este error est\u00e1 relacionado con CVE-2018-1124."
    }
  ],
  "id": "CVE-2018-1126",
  "lastModified": "2024-11-21T03:59:14.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 3.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-23T13:29:00.343",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/122"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104214"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1700"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1777"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1820"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2267"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2268"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1944"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-2/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4208"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103848Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103848Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp7_command_view -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:-:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "0F572462-50D0-4567-8C72-4A9C3054EDCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2815",
  "lastModified": "2024-11-21T04:04:31.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:04.630",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103848"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-23 13:29
Modified
2024-11-21 03:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://seclists.org/oss-sec/2018/q2/122Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/104214Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1041057Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1700Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1777Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1820Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:2267Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:2268Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:1944Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:2401Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert@redhat.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10241Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlThird Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201805-14Third Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3658-1/Third Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3658-2/Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2018/dsa-4208Third Party Advisory
secalert@redhat.comhttps://www.exploit-db.com/exploits/44806/Third Party Advisory, VDB Entry
secalert@redhat.comhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2018/q2/122Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104214Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041057Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1700Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1777Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1820Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2267Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2268Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1944Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2401Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10241Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201805-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3658-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3658-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4208Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/44806/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txtExploit, Third Party Advisory
Impacted products
Vendor Product Version
procps-ng_project procps-ng *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
schneider-electric struxureware_data_center_expert *
opensuse leap 15.0
opensuse leap 15.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B",
              "versionEndExcluding": "3.3.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
    },
    {
      "lang": "es",
      "value": "procps-ng en versiones anteriores a la 3.3.15 es vulnerable a m\u00faltiples desbordamientos de enteros que conducen a una corrupci\u00f3n de la memoria din\u00e1mica (heap) en la funci\u00f3n file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podr\u00eda resultar en cierres inesperados o la ejecuci\u00f3n de c\u00f3digo arbitrario en las utilidades proc ejecutadas por otros usuarios."
    }
  ],
  "id": "CVE-2018-1124",
  "lastModified": "2024-11-21T03:59:13.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-23T13:29:00.263",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/122"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104214"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1700"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1777"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1820"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2267"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2268"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1944"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2401"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-14"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-2/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4208"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44806/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201805-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3658-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44806/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        },
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103872Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3EIssue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.comhttps://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3EMailing List, Third Party Advisory
secalert_us@oracle.comhttps://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3EMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103872Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3EIssue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3EMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3EMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *
apache xerces-j *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33C2357-B184-4B52-9371-64A45FE0CE23",
              "versionEndExcluding": "2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son JavaSE: 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2799",
  "lastModified": "2024-11-21T04:04:29.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.880",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103872"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 16:15
Modified
2024-11-21 05:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2021-257-03/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2021-257-03/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7773EA4-29BE-4527-A5E6-5271C15D8F60",
              "versionEndIncluding": "7.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
    },
    {
      "lang": "es",
      "value": "Una CWE-78: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Elementos Especiales Usados en un Comando del Sistema Operativo (\" Inyecci\u00f3n de Comandos del Sistema Operativo\") que podr\u00eda causar una ejecuci\u00f3n de c\u00f3digo remota cuando es llevado a cabo a trav\u00e9s de la red. Producto afectado: StruxureWare Data Center Expert (versiones V7.8.1 y anteriores)"
    }
  ],
  "id": "CVE-2021-22795",
  "lastModified": "2024-11-21T05:50:41.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T16:15:09.313",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE file upload endpoint when tampering with parameters\nover HTTP.\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25551",
  "lastModified": "2024-11-21T07:49:42.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.653",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103877Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103877Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 3.1 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    }
  ],
  "id": "CVE-2018-2790",
  "lastModified": "2024-11-21T04:04:27.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.413",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103877"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102629Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102629Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 6.0
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171 y 7u161; JRockit: R28.3.16. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE y JRockit. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada proporcionando datos a las API en los Componentes especificados sin emplear aplicaciones Java Web Start que no son de confianza o applets Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2657",
  "lastModified": "2024-11-21T04:04:10.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:21.743",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102629"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-04-30 20:59
Modified
2024-11-21 03:33
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
References
cve@mitre.orghttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01Mitigation, Patch, Vendor Advisory
cve@mitre.orghttp://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticleThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticleThird Party Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAF6EE3-6DFF-4A1F-AAF1-BB0F58EC9EF5",
              "versionEndIncluding": "7.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Schneider Electric StruxureWare Data Center Expert anterior a 7.4.0 utiliza el almacenamiento en memoria RAM de texto claro para contrase\u00f1as, lo que podr\u00eda permitir a los atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2017-8371",
  "lastModified": "2024-11-21T03:33:53.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-30T20:59:00.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-343-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102605Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102605Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: AWT). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos confidenciales o de todos los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.1 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
    }
  ],
  "id": "CVE-2018-2641",
  "lastModified": "2024-11-21T04:04:08.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:20.993",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102615Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102615Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JGSS). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos confidenciales o de todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
    }
  ],
  "id": "CVE-2018-2629",
  "lastModified": "2024-11-21T04:04:05.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:20.447",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102615"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-11-30 19:29
Modified
2024-11-21 04:12
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
References
cybersecurity@se.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18FE50D6-8B63-4AA4-92DF-816535752FB0",
              "versionEndIncluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code."
    },
    {
      "lang": "es",
      "value": "Data Center Expert, en versiones 7.5.0 y anteriores, permite la subida de un archivo .zip desde su interfaz de usuario al servidor. Un archivo malicioso cuidadosamente manipulado podr\u00eda ser subido por error por un usuario autenticado mediante esta caracter\u00edstica, que podr\u00eda contener nombres de archivo de salto de directorio. As\u00ed, podr\u00eda permitir la subida de archivos arbitrarios contenidos en el zip en el sistema de archivos del servidor, fuera del directorio planeado. Esto aprovecha la vulnerabilidad \"ZipSlip\" m\u00e1s conocida en el c\u00f3digo Java."
    }
  ],
  "id": "CVE-2018-7807",
  "lastModified": "2024-11-21T04:12:46.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-30T19:29:00.390",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-12 07:15
Modified
2024-11-21 08:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE",
              "versionEndIncluding": "7.9.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the alert settings of endpoints on DCE.\n\n"
    }
  ],
  "id": "CVE-2023-37196",
  "lastModified": "2024-11-21T08:11:10.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T07:15:10.377",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103817Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103817Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; y JRockit: R28.3.17. Esta vulnerabilidad dif\u00edcilmente explotable permite que un atacante no autenticado con inicio de sesi\u00f3n en la infraestructura en la que se ejecutan Java SE y JRockit comprometan la seguridad de Java SE y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.7 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2018-2794",
  "lastModified": "2024-11-21T04:04:28.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.600",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103817"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that could allow a user that knows the credentials to\nexecute unprivileged shell commands on the appliance over SSH. \n\n \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25555",
  "lastModified": "2024-11-21T07:49:43.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.910",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
4.2 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103849Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103849Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
schneider-electric struxureware_data_center_expert *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1642001C-E9BB-476F-A092-8FDB50B00A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, y JRockit de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171 y 8u162; JRockit: R28.3.17. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE y JRockit, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE y JRockit. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada proporcionando datos a las API en los Componentes especificados sin emplear aplicaciones Java Web Start que no son de confianza o applets Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.2 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2018-2800",
  "lastModified": "2024-11-21T04:04:29.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.943",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103849"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103798Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103798Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2018-2814",
  "lastModified": "2024-11-21T04:04:31.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:04.583",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103798"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102662Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102662Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2663",
  "lastModified": "2024-11-21T04:04:11.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:22.007",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102597Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102597Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.8.0
oracle jre 9.0.1
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 8u152 y 9.0.1; Java SE Embedded: 8u151. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos confidenciales o de todos los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.5 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
    }
  ],
  "id": "CVE-2018-2582",
  "lastModified": "2024-11-21T04:03:58.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:18.367",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102597"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103846Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103846Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JMX). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2797",
  "lastModified": "2024-11-21T04:04:28.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.757",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103846"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102659Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102659Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JNDI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2678",
  "lastModified": "2024-11-21T04:04:13.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:22.697",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102659"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows for remote code execution when using a parameter of the DCE network settings\nendpoint. \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25549",
  "lastModified": "2024-11-21T07:49:42.627",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.523",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102633Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102633Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JNDI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en una actualizaci\u00f3n, inserci\u00f3n o borrado de acceso sin autorizaci\u00f3n de datos accesibles de Java SE, Java SE Embedded y JRockit. Adem\u00e1s, pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.8 (impactos en la integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
    }
  ],
  "id": "CVE-2018-2599",
  "lastModified": "2024-11-21T04:04:01.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:19.087",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102633"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103868Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103868Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Concurrency). Las versiones compatibles que se han visto afectadas son JavaSE: 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2796",
  "lastModified": "2024-11-21T04:04:28.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.693",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103868"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102642Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102642Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: I18n). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151. Esta vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar con inicio de sesi\u00f3n en la infraestructura en la que se ejecutan Java SE y Java SE Embedded comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n de acceso sin autorizaci\u00f3n de algunos de los datos accesibles de Java SE y Java SE Embedded, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE y Java SE Embedded y la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)."
    }
  ],
  "id": "CVE-2018-2602",
  "lastModified": "2024-11-21T04:04:01.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:19.240",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102642"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102612Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102612Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.9 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2018-2618",
  "lastModified": "2024-11-21T04:04:03.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:19.990",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102612"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\nallows remote code execution via the \u201chostname\u201d parameter when maliciously crafted hostname\nsyntax is entered.\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25550",
  "lastModified": "2024-11-21T07:49:42.737",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.590",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-12 08:15
Modified
2024-11-21 08:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE",
              "versionEndIncluding": "7.9.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
    }
  ],
  "id": "CVE-2023-37199",
  "lastModified": "2024-11-21T08:11:10.723",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T08:15:10.133",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution\non upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25547",
  "lastModified": "2024-11-21T07:49:42.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.383",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nA CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized\ncontent, changes or deleting of content, or performing unauthorized functions when tampering\nthe Device File Transfer settings on DCE endpoints. \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25552",
  "lastModified": "2024-11-21T07:49:42.960",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.713",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102661Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102661Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: LDAP). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE, JRockit y Java SE Embedded. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.3 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2018-2588",
  "lastModified": "2024-11-21T04:03:59.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:18.600",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102661"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102625Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102625Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2603",
  "lastModified": "2024-11-21T04:04:01.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:19.287",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102625"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site\nScripting\u0027) vulnerability exists on a DCE endpoint through the logging capabilities of the\nwebserver. \n\n\n\n\n\n \n\n\n\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25553",
  "lastModified": "2024-11-21T07:49:43.073",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.777",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 16:15
Modified
2024-11-21 05:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2021-257-03/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2021-257-03/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7773EA4-29BE-4527-A5E6-5271C15D8F60",
              "versionEndIncluding": "7.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)"
    },
    {
      "lang": "es",
      "value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n de un Nombre de Ruta a un Directorio Restringido (\"Salto de Ruta \") que podr\u00eda causar una ejecuci\u00f3n de c\u00f3digo remota. Producto afectado: StruxureWare Data Center Expert (versiones V7.8.1 y anteriores)"
    }
  ],
  "id": "CVE-2021-22794",
  "lastModified": "2024-11-21T05:50:41.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T16:15:09.257",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102557Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102557Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JNDI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar ligeramente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2018-2633",
  "lastModified": "2024-11-21T04:04:06.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:20.633",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102557"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-12 07:15
Modified
2024-11-21 08:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE",
              "versionEndIncluding": "7.9.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n(\u0027SQL Injection\u0027) vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the mass configuration settings of endpoints on DCE. \n\n\n\n"
    }
  ],
  "id": "CVE-2023-37197",
  "lastModified": "2024-11-21T08:11:10.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T07:15:10.500",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103841Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103841Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: AWT). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2798",
  "lastModified": "2024-11-21T04:04:28.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.803",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103841"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-22 12:29
Modified
2024-11-21 04:05
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
References
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlBroken Link
secure@intel.comhttp://support.lenovo.com/us/en/solutions/LEN-22133Third Party Advisory
secure@intel.comhttp://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.htmlThird Party Advisory
secure@intel.comhttp://www.openwall.com/lists/oss-security/2020/06/10/1Mailing List, Third Party Advisory
secure@intel.comhttp://www.openwall.com/lists/oss-security/2020/06/10/2Mailing List, Third Party Advisory
secure@intel.comhttp://www.openwall.com/lists/oss-security/2020/06/10/5Mailing List, Third Party Advisory
secure@intel.comhttp://www.securityfocus.com/bid/104232Third Party Advisory, VDB Entry
secure@intel.comhttp://www.securitytracker.com/id/1040949Third Party Advisory, VDB Entry
secure@intel.comhttp://www.securitytracker.com/id/1042004Third Party Advisory, VDB Entry
secure@intel.comhttp://xenbits.xen.org/xsa/advisory-263.htmlThird Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1629Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1630Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1632Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1633Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1635Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1636Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1637Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1638Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1639Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1640Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1641Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1642Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1643Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1644Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1645Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1646Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1647Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1648Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1649Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1650Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1651Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1652Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1653Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1654Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1655Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1656Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1657Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1658Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1659Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1660Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1661Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1662Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1663Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1664Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1665Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1666Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1667Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1668Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1669Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1674Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1675Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1676Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1686Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1688Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1689Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1690Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1696Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1710Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1711Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1737Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1738Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1826Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1854Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1965Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1967Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:1997Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2001Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2003Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2006Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2060Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2161Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2162Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2171Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2172Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2216Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2228Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2246Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2250Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2258Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2289Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2309Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2328Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2363Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2364Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2387Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2394Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2396Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3396Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3397Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3398Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3399Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3400Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3401Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3402Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3407Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3423Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3424Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:3425Third Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2019:0148Broken Link
secure@intel.comhttps://access.redhat.com/errata/RHSA-2019:1046Third Party Advisory
secure@intel.comhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1528Exploit, Issue Tracking, Patch, Third Party Advisory
secure@intel.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfThird Party Advisory
secure@intel.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdfThird Party Advisory
secure@intel.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
secure@intel.comhttps://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
secure@intel.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/07/msg00038.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing List, Third Party Advisory
secure@intel.comhttps://nvidia.custhelp.com/app/answers/detail/a_id/4787Third Party Advisory
secure@intel.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012Patch, Third Party Advisory, Vendor Advisory
secure@intel.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004Third Party Advisory
secure@intel.comhttps://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
secure@intel.comhttps://security.netapp.com/advisory/ntap-20180521-0001/Third Party Advisory
secure@intel.comhttps://support.citrix.com/article/CTX235225Third Party Advisory
secure@intel.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_usThird Party Advisory
secure@intel.comhttps://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.htmlThird Party Advisory
secure@intel.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannelThird Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3651-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3652-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3653-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3653-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3654-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3654-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3655-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3655-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3679-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3680-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3756-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3777-3/Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4210Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4273Third Party Advisory
secure@intel.comhttps://www.exploit-db.com/exploits/44695/Exploit, Third Party Advisory, VDB Entry
secure@intel.comhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.htmlThird Party Advisory
secure@intel.comhttps://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
secure@intel.comhttps://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006Third Party Advisory
secure@intel.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
secure@intel.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlThird Party Advisory
secure@intel.comhttps://www.synology.com/support/security/Synology_SA_18_23Third Party Advisory
secure@intel.comhttps://www.us-cert.gov/ncas/alerts/TA18-141AThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://support.lenovo.com/us/en/solutions/LEN-22133Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/06/10/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/06/10/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/06/10/5Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104232Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040949Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1042004Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-263.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1629Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1630Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1632Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1633Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1635Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1636Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1637Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1638Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1639Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1640Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1641Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1642Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1643Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1644Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1645Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1646Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1647Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1648Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1649Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1650Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1651Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1652Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1653Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1654Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1655Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1656Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1657Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1658Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1659Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1660Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1661Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1662Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1663Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1664Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1665Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1666Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1667Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1668Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1674Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1675Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1676Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1686Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1688Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1689Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1690Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1696Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1710Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1711Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1737Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1738Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1826Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1854Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1965Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1967Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1997Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2001Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2006Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2060Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2161Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2162Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2171Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2172Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2216Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2228Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2246Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2250Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2258Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2289Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2309Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2328Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2363Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2364Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2394Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2396Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3396Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3397Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3398Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3399Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3400Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3401Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3402Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3407Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3423Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3424Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3425Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:0148Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/project-zero/issues/detail?id=1528Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/07/msg00038.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nvidia.custhelp.com/app/answers/detail/a_id/4787Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180521-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX235225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannelThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3651-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3652-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3653-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3653-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3654-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3654-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3655-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3655-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3679-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3680-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3756-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3777-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4210Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4273Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/44695/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_18_23Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.us-cert.gov/ncas/alerts/TA18-141AThird Party Advisory, US Government Resource
Impacted products
Vendor Product Version
intel atom_c c2308
intel atom_c c3308
intel atom_c c3338
intel atom_c c3508
intel atom_c c3538
intel atom_c c3558
intel atom_c c3708
intel atom_c c3750
intel atom_c c3758
intel atom_c c3808
intel atom_c c3830
intel atom_c c3850
intel atom_c c3858
intel atom_c c3950
intel atom_c c3955
intel atom_c c3958
intel atom_e e3805
intel atom_e e3815
intel atom_e e3825
intel atom_e e3826
intel atom_e e3827
intel atom_e e3845
intel atom_x5-e3930 -
intel atom_x5-e3940 -
intel atom_x7-e3950 -
intel atom_z z2420
intel atom_z z2460
intel atom_z z2480
intel atom_z z2520
intel atom_z z2560
intel atom_z z2580
intel atom_z z2760
intel atom_z z3460
intel atom_z z3480
intel atom_z z3530
intel atom_z z3560
intel atom_z z3570
intel atom_z z3580
intel atom_z z3590
intel atom_z z3735d
intel atom_z z3735e
intel atom_z z3735f
intel atom_z z3735g
intel atom_z z3736f
intel atom_z z3736g
intel atom_z z3740
intel atom_z z3740d
intel atom_z z3745
intel atom_z z3745d
intel atom_z z3770
intel atom_z z3770d
intel atom_z z3775
intel atom_z z3775d
intel atom_z z3785
intel atom_z z3795
intel celeron_j j3455
intel celeron_j j4005
intel celeron_j j4105
intel celeron_n n3450
intel core_i3 32nm
intel core_i3 45nm
intel core_i5 32nm
intel core_i5 45nm
intel core_i7 32nm
intel core_i7 45nm
intel core_m 32nm
intel core_m 45nm
intel pentium n4000
intel pentium n4100
intel pentium n4200
intel pentium_j j4205
intel pentium_silver j5005
intel pentium_silver n5000
intel xeon_e-1105c -
intel xeon_e3 125c_
intel xeon_e3 1220_
intel xeon_e3 1275_
intel xeon_e3 1505m_v6
intel xeon_e3 1515m_v5
intel xeon_e3 1535m_v5
intel xeon_e3 1535m_v6
intel xeon_e3 1545m_v5
intel xeon_e3 1558l_v5
intel xeon_e3 1565l_v5
intel xeon_e3 1575m_v5
intel xeon_e3 1578l_v5
intel xeon_e3 1585_v5
intel xeon_e3 1585l_v5
intel xeon_e3 3600
intel xeon_e3 5600
intel xeon_e3 7500
intel xeon_e3 e5502
intel xeon_e3 e5503
intel xeon_e3 e5504
intel xeon_e3 e5506
intel xeon_e3 e5507
intel xeon_e3 e5520
intel xeon_e3 e5530
intel xeon_e3 e5540
intel xeon_e3 e6510
intel xeon_e3 e6540
intel xeon_e3 e6550
intel xeon_e3 l3403
intel xeon_e3 l3406
intel xeon_e3 l3426
intel xeon_e3 l5506
intel xeon_e3 l5508_
intel xeon_e3 l5518_
intel xeon_e3 l5520
intel xeon_e3 l5530
intel xeon_e3 w5580
intel xeon_e3 w5590
intel xeon_e3 x3430
intel xeon_e3 x3440
intel xeon_e3 x3450
intel xeon_e3 x3460
intel xeon_e3 x3470
intel xeon_e3 x3480
intel xeon_e3 x5550
intel xeon_e3 x5560
intel xeon_e3 x5570
intel xeon_e3_1105c_v2 -
intel xeon_e3_1125c_v2 -
intel xeon_e3_1220_v2 -
intel xeon_e3_1220_v3 -
intel xeon_e3_1220_v5 -
intel xeon_e3_1220_v6 -
intel xeon_e3_12201 -
intel xeon_e3_12201_v2 -
intel xeon_e3_1220l_v3 -
intel xeon_e3_1225 -
intel xeon_e3_1225_v2 -
intel xeon_e3_1225_v3 -
intel xeon_e3_1225_v5 -
intel xeon_e3_1225_v6 -
intel xeon_e3_1226_v3 -
intel xeon_e3_1230 -
intel xeon_e3_1230_v2 -
intel xeon_e3_1230_v3 -
intel xeon_e3_1230_v5 -
intel xeon_e3_1230_v6 -
intel xeon_e3_1230l_v3 -
intel xeon_e3_1231_v3 -
intel xeon_e3_1235 -
intel xeon_e3_1235l_v5 -
intel xeon_e3_1240 -
intel xeon_e3_1240_v2 -
intel xeon_e3_1240_v3 -
intel xeon_e3_1240_v5 -
intel xeon_e3_1240_v6 -
intel xeon_e3_1240l_v3 -
intel xeon_e3_1240l_v5 -
intel xeon_e3_1241_v3 -
intel xeon_e3_1245 -
intel xeon_e3_1245_v2 -
intel xeon_e3_1245_v3 -
intel xeon_e3_1245_v5 -
intel xeon_e3_1245_v6 -
intel xeon_e3_1246_v3 -
intel xeon_e3_1258l_v4 -
intel xeon_e3_1260l -
intel xeon_e3_1260l_v5 -
intel xeon_e3_1265l_v2 -
intel xeon_e3_1265l_v3 -
intel xeon_e3_1265l_v4 -
intel xeon_e3_1268l_v3 -
intel xeon_e3_1268l_v5 -
intel xeon_e3_1270 -
intel xeon_e3_1270_v2 -
intel xeon_e3_1270_v3 -
intel xeon_e3_1270_v5 -
intel xeon_e3_1270_v6 -
intel xeon_e3_1271_v3 -
intel xeon_e3_1275_v2 -
intel xeon_e3_1275_v3 -
intel xeon_e3_1275_v5 -
intel xeon_e3_1275_v6 -
intel xeon_e3_1275l_v3 -
intel xeon_e3_1276_v3 -
intel xeon_e3_1278l_v4 -
intel xeon_e3_1280 -
intel xeon_e3_1280_v2 -
intel xeon_e3_1280_v3 -
intel xeon_e3_1280_v5 -
intel xeon_e3_1280_v6 -
intel xeon_e3_1281_v3 -
intel xeon_e3_1285_v3 -
intel xeon_e3_1285_v4 -
intel xeon_e3_1285_v6 -
intel xeon_e3_1285l_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e3_1286_v3 -
intel xeon_e3_1286l_v3 -
intel xeon_e3_1290 -
intel xeon_e3_1290_v2 -
intel xeon_e3_1501l_v6 -
intel xeon_e3_1501m_v6 -
intel xeon_e3_1505l_v5 -
intel xeon_e3_1505l_v6 -
intel xeon_e3_1505m_v5 -
intel xeon_e5 2650l_v4
intel xeon_e5 2658
intel xeon_e5 2658_v2
intel xeon_e5 2658_v3
intel xeon_e5 2658_v4
intel xeon_e5 2658a_v3
intel xeon_e5 2660
intel xeon_e5 2660_v2
intel xeon_e5 2660_v3
intel xeon_e5 2660_v4
intel xeon_e5 2665
intel xeon_e5 2667
intel xeon_e5 2667_v2
intel xeon_e5 2667_v3
intel xeon_e5 2667_v4
intel xeon_e5 2670
intel xeon_e5 2670_v2
intel xeon_e5 2670_v3
intel xeon_e5 2680
intel xeon_e5 2680_v2
intel xeon_e5 2680_v3
intel xeon_e5 2680_v4
intel xeon_e5 2683_v3
intel xeon_e5 2683_v4
intel xeon_e5 2687w
intel xeon_e5 2687w_v2
intel xeon_e5 2687w_v3
intel xeon_e5 2687w_v4
intel xeon_e5 2690
intel xeon_e5 2690_v2
intel xeon_e5 2690_v3
intel xeon_e5 2690_v4
intel xeon_e5 2695_v2
intel xeon_e5 2695_v3
intel xeon_e5 2695_v4
intel xeon_e5 2697_v2
intel xeon_e5 2697_v3
intel xeon_e5 2697_v4
intel xeon_e5 2697a_v4
intel xeon_e5 2698_v3
intel xeon_e5 2698_v4
intel xeon_e5 2699_v3
intel xeon_e5 2699_v4
intel xeon_e5 2699a_v4
intel xeon_e5 2699r_v4
intel xeon_e5 4603
intel xeon_e5 4603_v2
intel xeon_e5 4607
intel xeon_e5 4607_v2
intel xeon_e5 4610
intel xeon_e5 4610_v2
intel xeon_e5 4610_v3
intel xeon_e5 4610_v4
intel xeon_e5 4617
intel xeon_e5 4620
intel xeon_e5 4620_v2
intel xeon_e5 4620_v3
intel xeon_e5 4620_v4
intel xeon_e5 4624l_v2
intel xeon_e5 4627_v2
intel xeon_e5 4627_v3
intel xeon_e5 4627_v4
intel xeon_e5 4628l_v4
intel xeon_e5 4640
intel xeon_e5 4640_v2
intel xeon_e5 4640_v3
intel xeon_e5 4640_v4
intel xeon_e5 4648_v3
intel xeon_e5 4650
intel xeon_e5 4650_v2
intel xeon_e5 4650_v3
intel xeon_e5 4650_v4
intel xeon_e5 4650l
intel xeon_e5 4655_v3
intel xeon_e5 4655_v4
intel xeon_e5 4657l_v2
intel xeon_e5 4660_v3
intel xeon_e5 4660_v4
intel xeon_e5 4667_v3
intel xeon_e5 4667_v4
intel xeon_e5 4669_v3
intel xeon_e5 4669_v4
intel xeon_e5_1428l -
intel xeon_e5_1428l_v2 -
intel xeon_e5_1428l_v3 -
intel xeon_e5_1620 -
intel xeon_e5_1620_v2 -
intel xeon_e5_1620_v3 -
intel xeon_e5_1620_v4 -
intel xeon_e5_1630_v3 -
intel xeon_e5_1630_v4 -
intel xeon_e5_1650 -
intel xeon_e5_1650_v2 -
intel xeon_e5_1650_v3 -
intel xeon_e5_1650_v4 -
intel xeon_e5_1660 -
intel xeon_e5_1660_v2 -
intel xeon_e5_1660_v3 -
intel xeon_e5_1660_v4 -
intel xeon_e5_1680_v3 -
intel xeon_e5_1680_v4 -
intel xeon_e5_2403 -
intel xeon_e5_2403_v2 -
intel xeon_e5_2407 -
intel xeon_e5_2407_v2 -
intel xeon_e5_2408l_v3 -
intel xeon_e5_2418l -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2418l_v3 -
intel xeon_e5_2420 -
intel xeon_e5_2420_v2 -
intel xeon_e5_2428l -
intel xeon_e5_2428l_v2 -
intel xeon_e5_2428l_v3 -
intel xeon_e5_2430 -
intel xeon_e5_2430_v2 -
intel xeon_e5_2430l -
intel xeon_e5_2430l_v2 -
intel xeon_e5_2438l_v3 -
intel xeon_e5_2440 -
intel xeon_e5_2440_v2 -
intel xeon_e5_2448l -
intel xeon_e5_2448l_v2 -
intel xeon_e5_2450 -
intel xeon_e5_2450_v2 -
intel xeon_e5_2450l -
intel xeon_e5_2450l_v2 -
intel xeon_e5_2470 -
intel xeon_e5_2470_v2 -
intel xeon_e5_2603 -
intel xeon_e5_2603_v2 -
intel xeon_e5_2603_v3 -
intel xeon_e5_2603_v4 -
intel xeon_e5_2608l_v3 -
intel xeon_e5_2608l_v4 -
intel xeon_e5_2609 -
intel xeon_e5_2609_v2 -
intel xeon_e5_2609_v3 -
intel xeon_e5_2609_v4 -
intel xeon_e5_2618l_v2 -
intel xeon_e5_2618l_v3 -
intel xeon_e5_2618l_v4 -
intel xeon_e5_2620 -
intel xeon_e5_2620_v2 -
intel xeon_e5_2620_v3 -
intel xeon_e5_2620_v4 -
intel xeon_e5_2623_v3 -
intel xeon_e5_2623_v4 -
intel xeon_e5_2628l_v2 -
intel xeon_e5_2628l_v3 -
intel xeon_e5_2628l_v4 -
intel xeon_e5_2630 -
intel xeon_e5_2630_v2 -
intel xeon_e5_2630_v3 -
intel xeon_e5_2630_v4 -
intel xeon_e5_2630l -
intel xeon_e5_2630l_v2 -
intel xeon_e5_2630l_v3 -
intel xeon_e5_2630l_v4 -
intel xeon_e5_2637 -
intel xeon_e5_2637_v2 -
intel xeon_e5_2637_v3 -
intel xeon_e5_2637_v4 -
intel xeon_e5_2640 -
intel xeon_e5_2640_v2 -
intel xeon_e5_2640_v3 -
intel xeon_e5_2640_v4 -
intel xeon_e5_2643 -
intel xeon_e5_2643_v2 -
intel xeon_e5_2643_v3 -
intel xeon_e5_2643_v4 -
intel xeon_e5_2648l -
intel xeon_e5_2648l_v2 -
intel xeon_e5_2648l_v3 -
intel xeon_e5_2648l_v4 -
intel xeon_e5_2650 -
intel xeon_e5_2650_v2 -
intel xeon_e5_2650_v3 -
intel xeon_e5_2650_v4 -
intel xeon_e5_2650l -
intel xeon_e5_2650l_v2 -
intel xeon_e5_2650l_v3 -
intel xeon_e7 2803
intel xeon_e7 2820
intel xeon_e7 2830
intel xeon_e7 2850
intel xeon_e7 2850_v2
intel xeon_e7 2860
intel xeon_e7 2870
intel xeon_e7 2870_v2
intel xeon_e7 2880_v2
intel xeon_e7 2890_v2
intel xeon_e7 4807
intel xeon_e7 4809_v2
intel xeon_e7 4809_v3
intel xeon_e7 4809_v4
intel xeon_e7 4820
intel xeon_e7 4820_v2
intel xeon_e7 4820_v3
intel xeon_e7 4820_v4
intel xeon_e7 4830
intel xeon_e7 4830_v2
intel xeon_e7 4830_v3
intel xeon_e7 4830_v4
intel xeon_e7 4850
intel xeon_e7 4850_v2
intel xeon_e7 4850_v3
intel xeon_e7 4850_v4
intel xeon_e7 4860
intel xeon_e7 4860_v2
intel xeon_e7 4870
intel xeon_e7 4870_v2
intel xeon_e7 4880_v2
intel xeon_e7 4890_v2
intel xeon_e7 8830
intel xeon_e7 8837
intel xeon_e7 8850
intel xeon_e7 8850_v2
intel xeon_e7 8857_v2
intel xeon_e7 8860
intel xeon_e7 8860_v3
intel xeon_e7 8860_v4
intel xeon_e7 8867_v3
intel xeon_e7 8867_v4
intel xeon_e7 8867l
intel xeon_e7 8870
intel xeon_e7 8870_v2
intel xeon_e7 8870_v3
intel xeon_e7 8870_v4
intel xeon_e7 8880_v2
intel xeon_e7 8880_v3
intel xeon_e7 8880_v4
intel xeon_e7 8880l_v2
intel xeon_e7 8880l_v3
intel xeon_e7 8890_v2
intel xeon_e7 8890_v3
intel xeon_e7 8890_v4
intel xeon_e7 8891_v2
intel xeon_e7 8891_v3
intel xeon_e7 8891_v4
intel xeon_e7 8893_v2
intel xeon_e7 8893_v3
intel xeon_e7 8893_v4
intel xeon_e7 8894_v4
intel xeon_gold 5115
intel xeon_gold 85115
intel xeon_gold 85118
intel xeon_gold 85119t
intel xeon_gold 85120
intel xeon_gold 85120t
intel xeon_gold 85122
intel xeon_gold 86126
intel xeon_gold 86126f
intel xeon_gold 86126t
intel xeon_gold 86128
intel xeon_gold 86130
intel xeon_gold 86130f
intel xeon_gold 86130t
intel xeon_gold 86132
intel xeon_gold 86134
intel xeon_gold 86134m
intel xeon_gold 86136
intel xeon_gold 86138
intel xeon_gold 86138f
intel xeon_gold 86138t
intel xeon_gold 86140
intel xeon_gold 86140m
intel xeon_gold 86142
intel xeon_gold 86142f
intel xeon_gold 86142m
intel xeon_gold 86144
intel xeon_gold 86146
intel xeon_gold 86148
intel xeon_gold 86148f
intel xeon_gold 86150
intel xeon_gold 86152
intel xeon_gold 86154
intel xeon_platinum 8153
intel xeon_platinum 8156
intel xeon_platinum 8158
intel xeon_platinum 8160
intel xeon_platinum 8160f
intel xeon_platinum 8160m
intel xeon_platinum 8160t
intel xeon_platinum 8164
intel xeon_platinum 8168
intel xeon_platinum 8170
intel xeon_platinum 8170m
intel xeon_platinum 8176
intel xeon_platinum 8176f
intel xeon_platinum 8176m
intel xeon_platinum 8180
intel xeon_silver 4108
intel xeon_silver 4109t
intel xeon_silver 4110
intel xeon_silver 4112
intel xeon_silver 4114
intel xeon_silver 4114t
intel xeon_silver 4116
intel xeon_silver 4116t
arm cortex-a 15
arm cortex-a 57
arm cortex-a 72
redhat mrg_realtime 2.0
redhat openstack 7.0
redhat openstack 8
redhat openstack 9
redhat openstack 10
redhat openstack 12
redhat openstack 13
redhat virtualization_manager 4.2
redhat virtualization_manager 4.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
siemens itc1500_firmware *
siemens itc1500 3
siemens itc1500_pro_firmware *
siemens itc1500_pro 3
siemens itc1900_firmware *
siemens itc1900 3
siemens itc1900_pro_firmware *
siemens itc1900_pro 3
siemens itc2200_firmware *
siemens itc2200 3
siemens itc2200_pro_firmware *
siemens itc2200_pro 3
oracle local_service_management_system *
oracle solaris 11
siemens ruggedcom_ape_firmware -
siemens ruggedcom_ape -
siemens simatic_et_200_sp_firmware *
siemens simatic_et_200_sp -
siemens simatic_field_pg_m4_firmware *
siemens simatic_field_pg_m4 -
siemens simatic_field_pg_m5_firmware *
siemens simatic_field_pg_m5 -
siemens simatic_ipc3000_smart_firmware *
siemens simatic_ipc3000_smart 2
siemens simatic_ipc347e_firmware *
siemens simatic_ipc347e -
siemens simatic_ipc427c_firmware -
siemens simatic_ipc427c -
siemens simatic_ipc427d_firmware *
siemens simatic_ipc427d -
siemens simatic_ipc427e_firmware *
siemens simatic_ipc427e -
siemens simatic_ipc477c_firmware -
siemens simatic_ipc477c -
siemens simatic_ipc477d_firmware *
siemens simatic_ipc477d -
siemens simatic_ipc477e_firmware *
siemens simatic_ipc477e -
siemens simatic_ipc477e_pro_firmware *
siemens simatic_ipc477e_pro -
siemens simatic_ipc547e_firmware *
siemens simatic_ipc547e -
siemens simatic_ipc547g_firmware *
siemens simatic_ipc547g -
siemens simatic_ipc627c_firmware *
siemens simatic_ipc627c -
siemens simatic_ipc627d_firmware *
siemens simatic_ipc627d -
siemens simatic_ipc647c_firmware *
siemens simatic_ipc647c -
siemens simatic_ipc647d_firmware *
siemens simatic_ipc647d -
siemens simatic_ipc677d_firmware *
siemens simatic_ipc677d -
siemens simatic_ipc677c_firmware *
siemens simatic_ipc677c -
siemens simatic_ipc827c_firmware *
siemens simatic_ipc827c -
siemens simatic_ipc827d_firmware *
siemens simatic_ipc827d -
siemens simatic_ipc847c_firmware *
siemens simatic_ipc847c -
siemens simatic_ipc847d_firmware *
siemens simatic_ipc847d -
siemens simatic_itp1000_firmware *
siemens simatic_itp1000 -
siemens simatic_s7-1500_firmware *
siemens simatic_s7-1500 -
siemens simotion_p320-4e_firmware *
siemens simotion_p320-4e -
siemens sinumerik_840_d_sl_firmware -
siemens sinumerik_840_d_sl -
siemens sinumerik_pcu_50.5_firmware *
siemens sinumerik_pcu_50.5 -
siemens sinumerik_tcu_30.3_firmware -
siemens sinumerik_tcu_30.3 -
siemens sinema_remote_connect_firmware -
siemens sinema_remote_connect -
mitel micloud_management_portal *
mitel micollab -
mitel mivoic_mx-one -
mitel mivoice_5000 -
mitel mivoice_border_gateway -
mitel mivoice_business -
mitel mivoice_connect -
mitel open_integration_gateway -
sonicwall cloud_global_management_system -
sonicwall email_security -
sonicwall global_management_system -
sonicwall secure_mobile_access -
sonicwall web_application_firewall -
sonicwall sonicosv -
schneider-electric struxureware_data_center_expert *
redhat virtualization 4.0
redhat enterprise_linux 7.0
nvidia jetson_tx1 *
nvidia jetson_tx2 *
microsoft surface -
microsoft surface_book -
microsoft surface_book 2
microsoft surface_pro 3
microsoft surface_pro 4
microsoft surface_pro 1796
microsoft surface_pro_with_lte_advanced 1807
microsoft surface_studio -
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1703
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_7 -
microsoft windows_8.1 -
microsoft windows_server_2008 r2
microsoft windows_server_2008 sp2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
microsoft windows_server_2016 1709
microsoft windows_server_2016 1803


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
              "matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
              "matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
              "matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
              "matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "454AC633-5F1C-47BB-8FA7-91A5C29A1DD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2394E8C-58D9-480B-87A7-A41CD7697FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9AC02B-D3AE-4FAF-836E-55515186A462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
              "matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
              "matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
              "matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
              "matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
              "matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
              "matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
              "matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
              "matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "50287A9B-366F-41F2-BEBD-D4C64EF93035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB79F2F-5522-45D3-A1D1-DC2F5A016D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "9749C2B0-B919-4172-A2AD-04C99A479F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1F45A1-A17D-4895-8A71-00010C7E55D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "D46BF41F-C44C-4D87-862E-0D156A2298DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "5927D78A-EE05-4246-A141-4A8815AB228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:32nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "579FC479-DEA0-415D-8E8F-18A81A85A471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:45nm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEECAA34-57F4-4B01-857C-C8454E1EDCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4000:*:*:*:*:*:*:*",
              "matchCriteriaId": "967252A4-EC1F-4B31-97B8-8D25A3D82070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4100:*:*:*:*:*:*:*",
              "matchCriteriaId": "3205757B-07DB-4115-B3E0-4DF9D0EA2061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium:n4200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF8ABFA-BBFD-42F5-9769-00F8CD67F7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_silver:j5005:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAA43A-4D97-4E13-82E1-895F3B368B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_silver:n5000:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB6BAE0B-103D-430E-BAE9-429881620DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:125c_:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D0A534-1749-4ED3-8F18-BF826D84EB56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1220_:*:*:*:*:*:*:*",
              "matchCriteriaId": "B581515E-29CC-462F-BB10-4EA6DE2D6637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1275_:*:*:*:*:*:*:*",
              "matchCriteriaId": "036D395E-AFE8-4D61-91CC-E9B3CD8B6380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:3600:*:*:*:*:*:*:*",
              "matchCriteriaId": "36609915-9E0D-4204-B544-4832E1195BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:5600:*:*:*:*:*:*:*",
              "matchCriteriaId": "3612AC78-4904-4830-85DF-38A38F617379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:7500:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79CC0FA-3DA1-4812-8E73-B0FF0752E31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5502:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12F3759-48D2-4208-AD5B-3AC8B012D061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5503:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C61D9B-2733-4A67-9D6A-2290123C0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5504:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C3C383-6927-44AD-9488-8B916D5959ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1E41C-7A17-42B7-936D-09A236D9C4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5507:*:*:*:*:*:*:*",
              "matchCriteriaId": "E814CB3E-4542-4E3E-91E8-D97EA17C0B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD43D7C-932B-463F-8EB2-3A115FBED4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCD70F8-D81D-467B-8042-5D3B9AC513E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e5540:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05C68D0-4771-4338-9761-6428195F0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6510:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FC2878-389F-4687-8377-E192A1C519BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6540:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B24CEBE-51B1-4EC5-8770-BFDB0625193A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:e6550:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD85A8-39D9-4248-96FE-CAEF4BC7CD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3403:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320D28B-B10D-47AE-9B65-51304F93F9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3406:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD843A-EBB1-42BE-A305-595C23881404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l3426:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D457B8B-50A6-411C-8528-96915B697C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "3934C421-BD11-4174-83F4-3E20176F03F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5508_:*:*:*:*:*:*:*",
              "matchCriteriaId": "45EE1BA7-5356-4421-9CF2-48DA09EBAE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5518_:*:*:*:*:*:*:*",
              "matchCriteriaId": "92FE452A-EE8B-4ACE-96B1-B6BD81FAC9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "47195FE7-3692-42C4-B29E-679A6FE0E220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:l5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "C033BBFA-67F4-4F24-A042-FF996B327976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:w5580:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF7A770-3E90-4466-8595-8E523D82BC62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:w5590:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7922C0-AB84-4331-BE8F-71A0D95D4F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3430:*:*:*:*:*:*:*",
              "matchCriteriaId": "648CB034-89BF-48FF-A3BF-C84C08FE09E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3440:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7DC164-65FF-483A-AD69-3E23E449E52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3DCB95-5139-44C6-8151-8CEFD37F9DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5FEA46-49A2-4082-98D2-56E698A56909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B85D7F3-1FA5-4FE1-AAFF-CEE8DF822CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "80607FEB-8908-40F6-B702-FD56D849E2D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5550:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F20575-82C0-466D-8FDD-AAC034247D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5560:*:*:*:*:*:*:*",
              "matchCriteriaId": "648E21A8-6B5F-4C97-A71A-44B97DBB4FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:x5570:*:*:*:*:*:*:*",
              "matchCriteriaId": "172EA906-A08F-4D2A-9814-937C07F77C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
              "matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
              "matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
              "matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
              "matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
              "matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85115:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB6A2ED-D433-4A8E-8044-02571D0BBD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85118:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F819519-61B6-4ED0-8A23-509D6B26ACE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85119t:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D81C40-4BD0-4D25-95B4-44BE2011F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85120:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C3A39E-29D3-4C02-89A6-D5B3475EF592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70340A2-71DC-4D4D-BA2E-2B2E9ACDBE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:85122:*:*:*:*:*:*:*",
              "matchCriteriaId": "586DB792-9FF6-4253-9DAE-F3ACA3F1C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126:*:*:*:*:*:*:*",
              "matchCriteriaId": "330576E9-3A92-4E22-BBC0-94A12ACE1032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126f:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C644430-A075-40E1-8E35-15B97D8E9078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86126t:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC094AC-0A3A-43F3-823A-089235D04A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86128:*:*:*:*:*:*:*",
              "matchCriteriaId": "5835FB20-922D-4478-8E4B-A53CCEE46198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130:*:*:*:*:*:*:*",
              "matchCriteriaId": "667A34BF-8699-477D-B30A-CEF0A36FC81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130f:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE586938-ED60-40EA-8177-30267C7A3E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF902C36-0708-4B93-9504-5EA7EEDD628F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86132:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0BC5EBB-2F1A-45C4-A8A7-122FBE4CBC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86134:*:*:*:*:*:*:*",
              "matchCriteriaId": "795F5800-8C06-426B-80AA-20F8E402ACAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86134m:*:*:*:*:*:*:*",
              "matchCriteriaId": "173E49AF-95A9-4DAE-8C74-13CFCA8F0726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86136:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE96391-4F25-4505-B757-D1F15ABD9FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138:*:*:*:*:*:*:*",
              "matchCriteriaId": "D037E4BA-35B9-42CB-9DDE-BED3DF49B958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138f:*:*:*:*:*:*:*",
              "matchCriteriaId": "43288516-FA4D-4D8F-9E69-EA27115EB43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86138t:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EF19E9-FE9A-4ED7-8D9E-848F10C088B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86140:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB72D0E-0E34-4EF3-98FB-52BE4A135D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86140m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDE7F94-D938-40BA-A1F6-CE52D0B74ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E39247-337C-49D1-BF1B-504F2DA4EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142f:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45FA7CB-6523-4042-8832-193D87102F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86142m:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E350A6-9EC7-4E14-9790-040F154CE15D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86144:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D70B4E-6B85-459C-AACA-59AB5CCC0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86146:*:*:*:*:*:*:*",
              "matchCriteriaId": "565EB5E9-3B86-4353-BFF6-3F5D27140B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86148:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32CBB5D-392A-4CD1-82D3-A97D822FADFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86148f:*:*:*:*:*:*:*",
              "matchCriteriaId": "383E08FE-EE7A-4E41-9AAD-786779D4B5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86150:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D50C6D5-3452-4214-B3FF-9F8009D75C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86152:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93954C6-9B01-4CEB-8925-5D3F415AFC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:86154:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7D54E5-6EDE-44DE-AEA6-F7F76E3EC36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
              "matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
              "matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
              "matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
              "matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
              "matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
              "matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:mrg_realtime:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB0FFE3-4BE1-4024-BCC6-1B87074DE2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E938A8EB-68FE-427B-B67E-C880FBF54BBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc1500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC8E8CF-2507-49DE-BF54-CCF16A2861F5",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc1500:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BCB01-8856-4F6F-86B6-A1DB878C3062",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc1500_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5178C320-CDB7-4180-951B-BFBCFAFB7FAA",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc1500_pro:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE4079D-C47A-4D57-9B37-947DE42F8A60",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc1900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1F645D-141D-4BCB-8F90-4A7BCC08988B",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc1900:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B203F60B-0694-4B46-96CB-E8C5E4375E85",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc1900_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F702CAFB-3ED9-4185-9781-1DAA8A0B01DD",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc1900_pro:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C231846-D2BC-428F-AADE-A7E09DB3A547",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA817DF-52C1-4FCC-A661-F81D923A18EF",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc2200:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D00016F2-3E88-4F57-AD2B-378153E73956",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:itc2200_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B30A4009-B0DD-492E-AEC1-985261707AC3",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:itc2200_pro:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4ED0315-9898-4110-96AB-5C198357ED83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:local_service_management_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E49B728-E8DE-4B23-9564-7BFDED6F299E",
              "versionEndIncluding": "13.3",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:ruggedcom_ape_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B6FA71-3077-4202-A9A1-CBDF9AE2521E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:ruggedcom_ape:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4F2A68-3715-4F86-BEEC-8C4D4341B100",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_et_200_sp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B42251AC-8FED-4BDE-93B3-5203F32D6313",
              "versionEndExcluding": "2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_et_200_sp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A661231-49DF-477F-954A-702839A9266B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAD5D20-80DB-4A09-AFBA-BCA594DE3B93",
              "versionEndExcluding": "18.01.09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ADAD919-32C1-49D2-A419-C9A803DB6250",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "503E551C-FC5F-4ABC-8DEA-E360701F0B33",
              "versionEndExcluding": "22.01.06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "506DEE00-30D2-4E29-9645-757EB8778C0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc3000_smart_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "664FC58B-33E9-43E4-A87E-5C78F935C332",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc3000_smart:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4809A582-BC22-41A0-815A-32CF2BA197F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc347e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45509778-898E-45DF-B14E-68B6C456B9B6",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc347e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D276DE-950F-4A61-BA13-DD5D07A17571",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc427c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AB7B8D-D6FB-43A0-865D-58D4CDF96C06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc427c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA7336B-85CA-4A15-B7A6-D20B67041CCB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc427d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA3B550-EB8B-4EBB-A1F0-14152A6791DD",
              "versionEndExcluding": "17.0x.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc427d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CC8AFE-ED6C-4A50-AC80-D2309E03FAE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F546AF-8F80-4E0A-9B92-86E3A1F931C0",
              "versionEndExcluding": "21.01.09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A40D0CDB-7BE6-491F-B730-3B4E10CA159A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc477c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55FC2D5-DCF6-4A24-873F-D0CF80DB3921",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc477c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4335E3-D2BB-4465-BBC8-611C7F85BEF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc477d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "435F7F3C-7483-4101-BC0A-E1E2BB66D6C1",
              "versionEndExcluding": "17.0x.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc477d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A6744-5194-4A99-BD3B-944A8707C80F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B5B6E6B-16A0-4236-AABE-82385B53EC78",
              "versionEndExcluding": "21.01.09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF9D4C3-1892-48FA-95B4-835B636A4005",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "224D0968-6414-41F7-8929-C69D524A416F",
              "versionEndExcluding": "21.01.09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc547e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D476D093-4A97-499C-B40D-7A301BC9AA2E",
              "versionEndExcluding": "r1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc547e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DD4A97-1648-4C7F-A5A0-6899BD13A617",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc547g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "940CCA5A-EC4A-4D46-B56C-4FC3698707E0",
              "versionEndExcluding": "r1.23.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc547g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB339B5-602F-4AB5-9998-465FDC6ABD6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc627c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "203B30DB-52C6-48ED-8A94-76F775DA1198",
              "versionEndExcluding": "15.02.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc627c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1A57A9-F6E5-4672-BD22-09EF5522CA10",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc627d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "790D244A-AC3D-4BBC-9139-A90048FD375A",
              "versionEndExcluding": "19.02.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc627d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "509AD120-3465-4C00-AAB3-B6F6ED708B51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc647c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05466B50-76ED-41E7-87DC-96CA95AAC6A2",
              "versionEndExcluding": "15.01.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc647c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E752006C-6D94-4B14-B3A5-C9BB94141BDB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc647d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C046182-BB33-41D0-B041-1566B8041917",
              "versionEndExcluding": "19.01.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc647d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0EF28FB-BAB3-4710-9D25-25F67ACADC60",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc677d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE74300-E061-452E-AD1D-6DD7C2C62729",
              "versionEndExcluding": "19.02.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc677d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "057D9947-CE4A-4B4C-B721-4B29FB71350C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc677c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F232B7B4-D633-47ED-B435-6EB6530019F4",
              "versionEndExcluding": "15.02.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc677c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74F55B7-DE3D-4D74-A7E7-9BCB8F7B114A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc827c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0D4DB3-FBA2-4868-8A38-5D81E622C709",
              "versionEndExcluding": "15.02.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc827c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FFD2D72-5464-4B86-BACB-61F55A081C3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc827d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE4A7C13-6F81-4629-9C28-9202028634AE",
              "versionEndExcluding": "19.02.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc827d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D87239-40C1-4038-B734-D77AC4DDD571",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc847c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8014E0E5-F880-4886-8294-7EC971D5BBF9",
              "versionEndExcluding": "15.01.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc847c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "687E1212-EC5A-47BA-ACAB-74F6C98B7C34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc847d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93485235-481B-4BAF-BB7A-81BB5AA1BC53",
              "versionEndExcluding": "19.01.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc847d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F37D88-E086-4060-8420-BD0F8D8FF580",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD949046-46E5-48C9-883B-92F04926E8BC",
              "versionEndExcluding": "23.01.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "187C6D51-5B86-484D-AE0F-26D1C9465580",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F81F41D-480F-4443-927E-00607DD40BF5",
              "versionEndExcluding": "2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simotion_p320-4e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8102F17-F6DA-4EE9-B533-EA806D9E7F7E",
              "versionEndExcluding": "17.0x.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simotion_p320-4e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE09494-625A-4FF7-8B3E-6510FF9AFC9C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sinumerik_840_d_sl_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8095A5-3677-4024-9437-C46DA382C280",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sinumerik_840_d_sl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9565FE15-A705-4D0A-BFA3-30871FDCF9DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sinumerik_pcu_50.5_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E16526D-CCA8-45B2-829E-4562A7440356",
              "versionEndExcluding": "15.02.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sinumerik_pcu_50.5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9220E9B5-5A0E-4F90-9A2C-B4692E937DBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sinumerik_tcu_30.3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE42ABA9-E5D8-4589-B111-AE191747E03D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sinumerik_tcu_30.3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E53E94C-0F57-4A71-B919-C34984A5ADB6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sinema_remote_connect_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2051E518-7CCD-4B49-9705-BDDC37177BE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sinema_remote_connect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF739F2D-744A-44CE-8DA7-F89A14239943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitel:micloud_management_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "417953F8-F722-4CD0-BC59-1192A4533505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:micollab:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E87F32-4157-42A3-A758-36AA2A4D7AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoic_mx-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEABF0C-99D9-415D-B8CB-B632C644664E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoice_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "150C225A-C4A0-4CC7-91AA-8F341D8152F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoice_border_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "762B1578-25AD-4ACC-A1AE-C325155F49F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoice_business:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E561C59C-9E46-4FE1-8DA7-5E524FB9D87E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoice_connect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1077221-796B-44E7-A278-579F41BA5DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:open_integration_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D6F3481-E5DF-452A-AE3C-1ED648B54234",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:cloud_global_management_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD39AA6-8D0B-405C-8A69-9264C82BCDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:email_security:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD00A81-9A08-4C24-B720-BC7C99DCF19B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:global_management_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2008DF4A-1AC8-4CC0-8649-823B3B6BD329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:secure_mobile_access:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD3D92A-D07F-4087-81AF-0FA78E290DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:web_application_firewall:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0220EB54-D74B-451C-8FA6-D71BF39B578F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicosv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED1C215-1656-4113-B571-9479FDEB9ACF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:jetson_tx1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05993AD-FABF-49A6-B3F5-6DF1B0835321",
              "versionEndExcluding": "r28.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nvidia:jetson_tx2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1455BBEB-871A-41FE-A4BD-6DC583777252",
              "versionEndExcluding": "r28.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC248D3F-1D6D-48FC-94BA-3C24A182D172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_book:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "987ECFC7-D504-488D-B977-FEC182819567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_book:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75F0910-3EED-4365-B03E-B3295A762656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12C0B9FE-09FD-4991-BE14-499FFC728EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7585B88F-58FA-4DF2-AA99-185731253A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro:1796:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD7F77C-F02B-4EAF-8836-C97ACB5AFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_with_lte_advanced:1807:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98AB09C-24D8-4B58-9F4A-EF6B42EB27C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:microsoft:surface_studio:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF4194A-8194-4727-8C10-4F44D5041011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CAFDB7-9D41-4E67-AB83-5EB104551FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
    },
    {
      "lang": "es",
      "value": "Los sistemas con microprocesadores que emplean la ejecuci\u00f3n especulativa y que realizan la ejecuci\u00f3n especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podr\u00edan permitir la divulgaci\u00f3n no autorizada de informaci\u00f3n a un atacante con acceso de usuario local mediante un an\u00e1lisis de canal lateral. Esto tambi\u00e9n se conoce como Speculative Store Bypass (SSB), Variant 4."
    }
  ],
  "id": "CVE-2018-3639",
  "lastModified": "2024-11-21T04:05:48.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-22T12:29:00.250",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104232"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-263.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1629"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1630"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1632"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1633"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1635"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1636"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1637"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1638"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1639"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1640"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1641"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1642"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1643"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1644"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1645"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1646"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1647"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1648"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1649"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1650"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1651"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1652"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1653"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1654"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1655"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1656"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1657"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1658"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1659"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1660"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1661"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1662"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1663"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1664"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1665"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1666"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1667"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1668"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1669"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1674"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1675"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1676"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1686"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1688"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1689"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1690"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1696"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1710"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1711"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1737"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1738"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1826"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1854"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1965"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1967"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1997"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2001"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2003"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2006"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2060"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2161"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2162"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2164"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2171"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2172"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2216"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2228"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2246"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2250"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2258"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2289"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2309"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2328"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2363"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2364"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2387"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2394"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2396"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3396"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3397"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3398"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3399"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3400"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3401"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3402"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3407"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3423"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3424"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3425"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:0148"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1046"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX235225"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3651-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3652-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3653-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3653-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3654-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3654-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3655-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3655-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3679-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3680-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3756-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4210"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44695/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-263.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:0148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX235225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3651-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3652-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3653-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3653-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3654-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3654-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3655-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3655-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3679-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3680-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3756-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44695/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-12 07:15
Modified
2024-11-21 08:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE",
              "versionEndIncluding": "7.9.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE uploads or tampers with install\npackages. \n\n \n\n\n\n"
    }
  ],
  "id": "CVE-2023-37198",
  "lastModified": "2024-11-21T08:11:10.587",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T07:15:10.597",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102592Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102592Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JGSS). Las versiones compatibles que se han visto afectadas son JavaSE: 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar ligeramente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.8 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2018-2634",
  "lastModified": "2024-11-21T04:04:06.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:20.680",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102592"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:03
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102663Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102663Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE, JRockit y Java SE Embedded. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 3.7 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2018-2579",
  "lastModified": "2024-11-21T04:03:58.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:18.227",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102663"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102576Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102576Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
oracle jrockit r28.3.16
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7283D6DD-DBFA-456F-9381-692B605B5625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JMX). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos confidenciales o de todos los datos accesibles de Java SE, Java SE Embedded y JRockit, as\u00ed como el acceso sin autorizaci\u00f3n a datos confidenciales o todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada proporcionando datos a las API en los Componentes especificados sin emplear aplicaciones Java Web Start que no son de confianza o applets Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.4 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
    }
  ],
  "id": "CVE-2018-2637",
  "lastModified": "2024-11-21T04:04:07.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:20.803",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102576"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103810Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103810Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.8.0
oracle jre 10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Install). Las versiones compatibles que se han visto afectadas son JavaSE: 8u162 y 10. Esta vulnerabilidad dif\u00edcilmente explotable permite que un atacante no autenticado con inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Java SE comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: aplica al proceso de instalaci\u00f3n en el despliegue del cliente de Java. CVSS 3.0 Base Score 7.7 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2018-2811",
  "lastModified": "2024-11-21T04:04:30.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:04.443",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103810"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/102656Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3613-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3614-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4144Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4166Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102656Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040203Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0099Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0100Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0115Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0349Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0458Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1463Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/04/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3613-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3614-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4144Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4166Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 9.0.1
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 9.0.1
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
schneider-electric struxureware_data_center_expert *
hp xp_command_view *
hp xp_p9000_command_view *
hp xp7_command_view *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "CB929C7D-A5EE-4603-9414-E535408B41A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "4AA4AF8B-2E5E-4A5E-8930-B53A01A22C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "A2EB8815-20EE-4A0B-A001-73995114333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "A86C2A04-A51C-403A-AAB5-81872453022D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*",
              "matchCriteriaId": "32F5FDBE-ED30-48A9-B130-A48309C7D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*",
              "matchCriteriaId": "1988C207-4D9F-4FD2-9652-30CB2C65FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F5B13AEB-7C8C-49EB-BD13-CBA12CA529BA",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DA653F23-232D-4086-B9A4-4D809C87D9F1",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "E92000F8-241D-4731-809F-C1D32F99AF9A",
              "versionStartIncluding": "8.6.2-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: AWT). Las versiones compatibles que se han visto afectadas son JavaSE: 6u171, 7u161, 8u152 y 9.0.1; Java SE Embedded: 8u151. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2677",
  "lastModified": "2024-11-21T04:04:13.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T02:29:22.647",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102656"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03911en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3613-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3614-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4166"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\n\n\nA CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS\nCommand Injection\u0027) vulnerability exists that allows a local privilege escalation on the appliance\nwhen a maliciously crafted Operating System command is entered on the device.\n\n \n\n \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25554",
  "lastModified": "2024-11-21T07:49:43.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.843",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103847Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
secalert_us@oracle.comhttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201903-14Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
secalert_us@oracle.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3644-1/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/3691-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4185Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2018/dsa-4225Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103847Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040697Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1201Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1204Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1721Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1722Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1723Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1974Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1975Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3644-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3691-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4185Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4225Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jdk 10
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jre 10
oracle jrockit r28.3.17
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
hp xp7_command_view *
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "5B9A0DD9-878D-42E8-AA57-283E5D1E0A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "F5A7A396-AF98-46BD-8B73-8CAC02BF12B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "4009C7E0-94C7-4838-94CF-5607D7C575CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0231D6-CA6A-4F76-997A-93AFB840CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "DD3B3C9B-A53B-4921-8F5F-FF118283D958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*",
              "matchCriteriaId": "038F6540-6674-4D7A-9A70-A62B0F3C9A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*",
              "matchCriteriaId": "0F88A87F-D142-4FFD-8121-52FC9A4B70E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "095351DA-F50B-4BAF-A4EF-A9C1F8E40E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A13AA87-5F14-4728-B317-17C3A782FA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "87D4ED85-90F6-47E6-BF08-3595DB22C7B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
              "versionEndExcluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u181, 7u171, 8u162 y 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2018-2795",
  "lastModified": "2024-11-21T04:04:28.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T02:29:03.647",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103847"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03857en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03915en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3644-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4225"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-18 21:15
Modified
2024-11-21 07:49
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
cybersecurity@se.comhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdfVendor Advisory
Impacted products
Vendor Product Version
schneider-electric struxureware_data_center_expert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCD63E5-0A70-47B2-9F4F-5328E0BD04B0",
              "versionEndIncluding": "7.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
    }
  ],
  "id": "CVE-2023-25548",
  "lastModified": "2024-11-21T07:49:42.517",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T21:15:08.463",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}