DescriptionVulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
|National Vulnerability Database||SUSE|
- SUSE-SU-2018:2083-1, published Fri Jul 27 10:16:15 MDT 2018
- openSUSE-SU-2018:2206-1, published Mon, 6 Aug 2018 15:09:29 +0200 (CEST)
- openSUSE-SU-2018:2247-1, published Thu, 9 Aug 2018 00:07:34 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Module for Basesystem 15|| ||Patchnames:
|openSUSE Leap 15.0|| ||Patchnames:
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.
|SUSE Linux Enterprise Module for Basesystem 15 GA||java-10-openjdk||Released|