CVE-2018-2627
First published: Wed Jan 17 2018(Updated: )
Oracle Java SE 8u161 and 9.0.4 fixes an unspecified vulnerability in the Installer component (<a href="https://access.redhat.com/security/cve/CVE-2018-2627">CVE-2018-2627</a>). Upstream has CVSS scored this issue as: 7.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H External Reference: <a href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA</a>
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle OpenJDK 1.8.0 | =1.8.0-update152 | |
| Oracle OpenJDK 1.8.0 | =9.0.1 | |
| Oracle JRE | =1.8.0-update152 | |
| Oracle JRE | =9.0.1 | |
| Red Hat Satellite | =5.8 | |
| NetApp Active IQ Unified Manager | >=7.3 | |
| NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
| NetApp Cloud Backup | ||
| NetApp E-Series SANtricity Management Plug-ins | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.1 | |
| NetApp SANtricity Storage Manager | ||
| NetApp E-Series SANtricity Web Services | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Shift | ||
| NetApp OnCommand Unified Manager for 7-Mode | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp Plug-in for Symantec NetBackup | ||
| NetApp SANtricity Cloud Connector | ||
| NetApp SnapManager for Oracle | ||
| NetApp SnapManager for SAP | ||
| NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere | >=7.2 | |
| NetApp Storage Replication Adapter for Clustered Data ONTAP | >=7.2 | |
| NetApp StorageGrid | <=9.0.4 | |
| NetApp VASA Provider | >=7.2 | |
| NetApp VASA Provider | =6.0 | |
| NetApp Virtual Storage Console for VMware vSphere | >=7.2 | |
| NetApp Virtual Storage Console for VMware vSphere | =6.0 | |
| Oracle OpenJDK 1.8.0 | =1.9.0.1 | |
| Oracle JRE | =1.9.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/102584
- http://www.securitytracker.com/id/1040203
- https://access.redhat.com/errata/RHSA-2018:0099
- https://access.redhat.com/errata/RHSA-2018:1463
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://security.netapp.com/advisory/ntap-20180117-0001/
- https://access.redhat.com/security/cve/CVE-2018-2627
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA
- https://bugzilla.redhat.com/show_bug.cgi?id=1535352
Frequently Asked Questions
What is CVE-2018-2627?
CVE-2018-2627 is a vulnerability in the Java SE component of Oracle Java SE, specifically in the Installer subcomponent.
Which versions of Java SE are affected by CVE-2018-2627?
Java SE versions 8u152 and 9.0.1 are affected by CVE-2018-2627.
What is the severity level of CVE-2018-2627?
CVE-2018-2627 has a severity level of 7.5 (high).
How can an attacker exploit CVE-2018-2627?
An attacker with low privileges and access to the infrastructure where Java SE executes can exploit CVE-2018-2627.
Are there any references available for CVE-2018-2627?
Yes, you can find references for CVE-2018-2627 at the following links: [Oracle Security Advisory](http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html), [SecurityFocus](http://www.securityfocus.com/bid/102584), [SecurityTracker](http://www.securitytracker.com/id/1040203).
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-2627
- agent/severity
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.8.0-update152
- version/oracle openjdk 1.8.0/9.0.1
- canonical/oracle jre
- version/oracle jre/1.8.0-update152
- version/oracle jre/9.0.1
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/5.8
- vendor/netapp
- canonical/netapp active iq unified manager
- version/netapp active iq unified manager/7.3
- canonical/netapp active iq unified manager for vmware vsphere
- version/netapp active iq unified manager for vmware vsphere/9.5
- canonical/netapp cloud backup
- canonical/netapp e-series santricity management plug-ins
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.1
- canonical/netapp santricity storage manager
- canonical/netapp e-series santricity web services
- canonical/netapp oncommand insight
- canonical/netapp oncommand shift
- canonical/netapp oncommand unified manager for 7-mode
- canonical/netapp oncommand workflow automation
- canonical/netapp plug-in for symantec netbackup
- canonical/netapp santricity cloud connector
- canonical/netapp snapmanager for oracle
- canonical/netapp snapmanager for sap
- canonical/netapp storage replication adapter for clustered data ontap for vmware vsphere
- version/netapp storage replication adapter for clustered data ontap for vmware vsphere/7.2
- canonical/netapp storage replication adapter for clustered data ontap
- version/netapp storage replication adapter for clustered data ontap/7.2
- canonical/netapp storagegrid
- version/netapp storagegrid/9.0.4
- canonical/netapp vasa provider
- version/netapp vasa provider/7.2
- version/netapp vasa provider/6.0
- canonical/netapp virtual storage console for vmware vsphere
- version/netapp virtual storage console for vmware vsphere/7.2
- version/netapp virtual storage console for vmware vsphere/6.0
- version/oracle openjdk 1.8.0/1.9.0.1
- version/oracle jre/1.9.0.1