CVE-2017-10388

high-risk

Published 2017-10-19

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Do I need to act?

0.54% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (20)

Jdk

Jre

Satellite

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Active Iq Unified Manager

Cloud Backup

E-Series Santricity Management Plug-Ins

E-Series Santricity Os Controller

Element Software

Oncommand Balance

Affected Vendors

Oracle Debian Redhat Netapp

References (38)

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Broken Link http://www.securityfocus.com/bid/101321

Broken Link http://www.securitytracker.com/id/1039596

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2998

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2999

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3046

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3047

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3264

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3267

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3268

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3392

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3453

Mailing List https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

Third Party Advisory https://security.gentoo.org/glsa/201710-31

Third Party Advisory https://security.gentoo.org/glsa/201711-14

Third Party Advisory https://security.netapp.com/advisory/ntap-20171019-0001/

Third Party Advisory https://www.debian.org/security/2017/dsa-4015

Third Party Advisory https://www.debian.org/security/2017/dsa-4048

Third Party Advisory https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

and 18 more references

/ 100

high-risk

Severity 22/34 · High

Exploitability 2/34 · Minimal

Exposure 26/34 · High