Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2017-10125

Disclosure Date: August 08, 2017 •

CVE-2017-10125 CVSS v3 Base Score: 7.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.1 High

Impact Score:

Exploitability Score:

0.5

Vector:

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV):

Physical

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

netapp,
oracle

Products

active iq unified manager,
cloud backup -,
e-series santricity os controller,
e-series santricity storage manager -,
element software -,
jdk 1.7.0,
jdk 1.8.0,
jre 1.7.0,
jre 1.8.0,
oncommand balance -,
oncommand insight -,
oncommand performance manager -,
oncommand shift -,
oncommand unified manager,
oncommand unified manager -,
plug-in for symantec netbackup -,
snapmanager -,
steelstore cloud integrated storage -,
storage replication adapter for clustered data ontap,
storage replication adapter for clustered data ontap 9.6,
vasa provider for clustered data ontap,
vasa provider for clustered data ontap 6.0,
virtual storage console,
virtual storage console 6.0

References

Canonical

CVE-2017-10125 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10125)

BID-99809 (http://www.securityfocus.com/bid/99809)

Advisory

https://security.netapp.com/advisory/ntap-20170720-0001

SECTRACK-1038931 (http://www.securitytracker.com/id/1038931)

GLSA-201709-22 (https://security.gentoo.org/glsa/201709-22)

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Rapid7

Unknown

CVE-2017-10125

Unknown

Unknown

None

None

Physical

CVE-2017-10125

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2017-10125

Unknown

Unknown

None

None

Physical

CVE-2017-10125

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification