CVE-2017-10176

high-risk
Published 2017-08-08

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Do I need to act?

~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Jdk
Jre
Fl Mguard Dm

Affected Vendors

Netapp Oracle Debian Phoenixcontact

References (20)

Third Party Advisory http://www.debian.org/security/2017/dsa-3919
Third Party Advisory http://www.debian.org/security/2017/dsa-3954
Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Broken Link http://www.securityfocus.com/bid/99788
Broken Link http://www.securitytracker.com/id/1038931
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1790
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1791
Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2017-002
Third Party Advisory https://security.gentoo.org/glsa/201709-22
Third Party Advisory https://security.netapp.com/advisory/ntap-20170720-0001/
Third Party Advisory http://www.debian.org/security/2017/dsa-3919
Third Party Advisory http://www.debian.org/security/2017/dsa-3954
Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Broken Link http://www.securityfocus.com/bid/99788
Broken Link http://www.securitytracker.com/id/1038931
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1790
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1791
Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2017-002
Third Party Advisory https://security.gentoo.org/glsa/201709-22
Third Party Advisory https://security.netapp.com/advisory/ntap-20170720-0001/
54
/ 100
high-risk
Severity 26/34 · High
Exploitability 6/34 · Minimal
Exposure 22/34 · High