CVE-2018-2588

moderate-risk

Published 2018-01-18

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Jdk

Jre

Jrockit

Satellite

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Affected Vendors

Hp Debian Redhat Oracle Canonical Schneider-Electric

References (44)

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Broken Link http://www.securityfocus.com/bid/102661

Broken Link http://www.securitytracker.com/id/1040203

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0095

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0099

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0100

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0115

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0349

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0351

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0352

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0458

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0521

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1463

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1812

Third Party Advisory https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur...

Mailing List https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20180117-0001/

Third Party Advisory https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

Third Party Advisory https://usn.ubuntu.com/3613-1/

Third Party Advisory https://usn.ubuntu.com/3614-1/

and 24 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 23/34 · High