Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2018-2627

Disclosure Date: January 18, 2018 •

CVE-2018-2627 CVSS v3 Base Score: 7.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

Exploitability Score:

0.8

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

Required

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

netapp,
oracle,
redhat

Products

active iq unified manager,
cloud backup -,
e-series santricity management plug-ins -,
e-series santricity os controller,
e-series santricity storage manager -,
e-series santricity web services -,
jdk 1.8.0,
jdk 9.0.1,
jre 1.8.0,
jre 9.0.1,
oncommand insight -,
oncommand shift -,
oncommand unified manager -,
oncommand workflow automation -,
plug-in for symantec netbackup -,
santricity cloud connector -,
satellite 5.8,
snapmanager -,
storage replication adapter for clustered data ontap,
storagegrid,
vasa provider for clustered data ontap,
vasa provider for clustered data ontap 6.0,
virtual storage console,
virtual storage console 6.0

References

Canonical

CVE-2018-2627 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2627)

BID-102584 (http://www.securityfocus.com/bid/102584)

Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://security.netapp.com/advisory/ntap-20180117-0001

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://access.redhat.com/errata/RHSA-2018:0099

https://access.redhat.com/errata/RHSA-2018:1463

SECTRACK-1040203 (http://www.securitytracker.com/id/1040203)

Rapid7

Unknown

CVE-2018-2627

Unknown

Unknown

Required

Low

Local

CVE-2018-2627

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2018-2627

Unknown

Unknown

Required

Low

Local

CVE-2018-2627

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification