Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2018-2826

Disclosure Date: April 19, 2018 •

CVE-2018-2826 CVSS v3 Base Score: 8.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.3 High

Impact Score:

Exploitability Score:

1.6

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

canonical,
netapp,
oracle

Products

cloud backup -,
e-series santricity management -,
e-series santricity os controller,
e-series santricity storage manager -,
e-series santricity web services -,
jdk 10,
jre 10,
oncommand insight -,
oncommand unified manager,
oncommand unified manager -,
oncommand unified manager 7.3,
oncommand workflow automation -,
santricity cloud connector -,
snapmanager -,
storage replication adapter,
storagegrid -,
ubuntu linux 18.04,
vasa provider,
virtual storage console

References

Canonical

CVE-2018-2826 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2826)

BID-103796 (http://www.securityfocus.com/bid/103796)

Advisory

SECTRACK-1040697 (http://www.securitytracker.com/id/1040697)

USN-3747-1 (https://usn.ubuntu.com/3747-1)

https://security.netapp.com/advisory/ntap-20180419-0001

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Rapid7

Unknown

CVE-2018-2826

Unknown

Unknown

Required

None

Network

CVE-2018-2826

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2018-2826

Unknown

Unknown

Required

None

Network

CVE-2018-2826

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification