Vulnerability Name:

CVE-2018-3150 (CCN-151466)

Assigned: 2017-12-15
Published: 2018-10-16
Updated: 2019-10-03
Summary: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data.
Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVSS v3 Severity:
3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Other

References:

Source: MITRE
Type: CNA
CVE-2018-3150

Source: CCN
Type: Oracle CPUOct2018
Oracle Critical Patch Update Advisory - October 2018

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: BID
Type: Third Party Advisory, VDB Entry
105597

Source: CCN
Type: BID-105597
Oracle Java SE CVE-2018-3150 Remote Security Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041889

Source: REDHAT
Type: UNKNOWN
RHSA-2018:3521

Source: XF
Type: UNKNOWN
oracle-cpuoct2018-cve20183150(151466)

Source: GENTOO
Type: UNKNOWN
GLSA-201908-10

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20181018-0001/

Source: UBUNTU
Type: UNKNOWN
USN-3804-1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-3150

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:oracle:jdk:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:11.0.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:java_se:11:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20183150 | V | CVE-2018-3150 | 2023-06-22 |
| oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:682 | P | Security update for python-M2Crypto (Important) | 2022-08-05 |
| oval:org.opensuse.security:def:3111 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:3531 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:2956 | P | java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:94586 | P | java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:86 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2022-06-13 |
| oval:org.opensuse.security:def:382 | P | vsftpd-3.0.5-150400.1.6 on GA media (Moderate) | 2022-06-10 |
| oval:org.opensuse.security:def:112455 | P | java-11-openjdk-11.0.12.0-3.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:112457 | P | java-13-openjdk-13.0.8.0-3.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:112459 | P | java-15-openjdk-15.0.4.0-2.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:8727 | P | Security update for busybox (Important) (in QA) | 2022-01-14 |
| oval:org.opensuse.security:def:94268 | P | (Important) | 2022-01-11 |
| oval:org.opensuse.security:def:8694 | P | Security update for p11-kit (Important) | 2021-12-22 |
| oval:org.opensuse.security:def:69774 | P | Security update for log4j (Important) | 2021-12-17 |
| oval:org.opensuse.security:def:6725 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important) | 2021-12-14 |
| oval:org.opensuse.security:def:9418 | P | Security update for tomcat (Important) | 2021-11-16 |
| oval:org.opensuse.security:def:8669 | P | Security update for qemu (Important) | 2021-11-04 |
| oval:org.opensuse.security:def:105959 | P | java-11-openjdk-11.0.12.0-3.1 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:105960 | P | java-13-openjdk-13.0.8.0-3.1 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:105961 | P | java-15-openjdk-15.0.4.0-2.1 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:37502 | P | Security update for curl (Moderate) | 2021-09-23 |
| oval:org.opensuse.security:def:71212 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:61471 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:96591 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:89626 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:103281 | P | java-11-openjdk-11.0.3.0-3.24.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:9396 | P | Security update for xen (Important) | 2021-09-03 |
| oval:org.opensuse.security:def:46904 | P | chrony-2.3-3.110 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47902 | P | tboot-20170711_1.9.7-1.10 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48050 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14930 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:46918 | P | curl-7.37.0-28.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47964 | P | binutils-2.32-9.36.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47039 | P | libjson-c2-0.11-2.15 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48029 | P | groff-1.22.2-5.287 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47232 | P | cups-filters-1.0.58-17.11 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48060 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:46903 | P | bzip2-1.0.6-29.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47364 | P | libjpeg-turbo-1.3.1-30.3 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48131 | P | libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47456 | P | p7zip-9.20.1-6.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47604 | P | eog-3.20.4-7.7 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47818 | P | libykcs11-1-1.5.0-3.16 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:100981 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:63424 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:63478 | P | java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:107647 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:2335 | P | java-11-openjdk-javadoc-11.0.7.0-3.42.4 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:2389 | P | java-11-openjdk-javadoc-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:1015 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:100862 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:71845 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:62104 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:6692 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important) | 2021-07-27 |
| oval:org.opensuse.security:def:49123 | P | Security update for containerd (Moderate) | 2021-07-20 |
| oval:org.opensuse.security:def:69669 | P | Security update for containerd, docker, runc (Important) | 2021-06-11 |
| oval:org.opensuse.security:def:70982 | P | libjasper4-2.0.14-1.19 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48769 | P | empathy-3.12.12-5.12 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48823 | P | argyllcms-1.6.3-3.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:70869 | P | avahi-0.6.32-3.7 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:8594 | P | Security update for libwebp (Critical) | 2021-06-04 |
| oval:org.opensuse.security:def:93738 | P | (Moderate) | 2021-05-26 |
| oval:org.opensuse.security:def:8758 | P | Security update for lz4 (Important) | 2021-05-19 |
| oval:org.opensuse.security:def:8575 | P | Security update for python-Pygments (Important) | 2021-05-04 |
| oval:org.opensuse.security:def:7416 | P | Security update for avahi (Moderate) | 2021-05-04 |
| oval:org.opensuse.security:def:8745 | P | Security update for xen (Important) | 2021-04-30 |
| oval:org.opensuse.security:def:6667 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important) | 2021-04-28 |
| oval:org.opensuse.security:def:6443 | P | Security update for open-iscsi (Important) | 2021-04-13 |
| oval:org.opensuse.security:def:8736 | P | Security update for spamassassin (Important) | 2021-04-13 |
| oval:org.opensuse.security:def:8560 | P | Security update for xorg-x11-server (Important) | 2021-04-13 |
| oval:org.opensuse.security:def:6465 | P | Security update for openldap2 (Important) | 2021-03-08 |
| oval:org.opensuse.security:def:64282 | P | Security update for python3 (Important) | 2020-12-23 |
| oval:org.opensuse.security:def:67529 | P | Security update for the Linux Kernel (Important) | 2020-12-10 |
| oval:org.opensuse.security:def:66418 | P | Security update for curl (Moderate) | 2020-12-09 |
| oval:org.opensuse.security:def:116675 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:107117 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:71512 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:61771 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:12924 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:100451 | P | java-11-openjdk-11.0.7.0-3.42.4 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:36783 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37474 | P | kbd on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:64195 | P | libpacemaker-devel on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:72991 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:36919 | P | liblcms1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36687 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38184 | P | fontconfig on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37020 | P | smt on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37546 | P | libldb1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38226 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6435 | P | libspice-client-glib-2_0-8 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:66326 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37077 | P | bind on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:7394 | P | gpgme on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6734 | P | libotr5 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73109 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37167 | P | libXext6 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6511 | P | sudo on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6743 | P | libpoppler-glib8 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8445 | P | libspice-client-glib-2_0-8 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8437 | P | libpython3_4m1_0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37327 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6558 | P | autofs on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6756 | P | libsndfile1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8467 | P | libyaml-0-2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:67629 | P | java-11-openjdk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36688 | P | libpython3_4m1_0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37386 | P | augeas on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49069 | P | conntrack-tools on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6573 | P | cracklib on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8513 | P | rpcbind on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36699 | P | libtiff5-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37435 | P | gd on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6592 | P | elfutils on GA media (Moderate) | 2020-12-01 |
| oval:com.redhat.rhsa:def:20183521 | P | RHSA-2018:3521: java-11-openjdk security update (Critical) | 2018-11-07 |
| oval:com.ubuntu.bionic:def:201831500000000 | V | CVE-2018-3150 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-10-17 |
| oval:com.ubuntu.xenial:def:201831500000000 | V | CVE-2018-3150 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-10-16 |
| oval:com.ubuntu.bionic:def:20183150000 | V | CVE-2018-3150 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-10-16 |
| oval:com.ubuntu.cosmic:def:201831500000000 | V | CVE-2018-3150 on Ubuntu 18.10 (cosmic) - medium. | 2018-10-16 |
| oval:com.ubuntu.cosmic:def:20183150000 | V | CVE-2018-3150 on Ubuntu 18.10 (cosmic) - medium. | 2018-10-16 |
| oval:com.ubuntu.xenial:def:20183150000 | V | CVE-2018-3150 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-10-16 |

    oracle jdk 11.0.0
    oracle jre 11.0.0
    oracle java se 11