First published: Wed Jan 17 2018(Updated: )
Oracle Java SE 8u161 and 9.0.4 fixes an unspecified vulnerability in the Installer component (<a href="https://access.redhat.com/security/cve/CVE-2018-2627">CVE-2018-2627</a>). Upstream has CVSS scored this issue as: 7.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H External Reference: <a href="http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA">http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA</a>
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Java SE 7 | =1.8.0-update152 | |
Oracle Java SE 7 | =9.0.1 | |
Oracle JRE | =1.8.0-update152 | |
Oracle JRE | =9.0.1 | |
Red Hat Satellite | =5.8 | |
NetApp Active IQ Unified Manager | >=7.3 | |
NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
NetApp Cloud Backup | ||
NetApp E-Series SANtricity Management Plug-ins | ||
NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.1 | |
NetApp SANtricity Storage Manager | ||
NetApp E-Series SANtricity Web Services | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Shift | ||
NetApp OnCommand Unified Manager for 7-Mode | ||
NetApp OnCommand Workflow Automation | ||
NetApp Plug-in for Symantec NetBackup | ||
NetApp SANtricity Cloud Connector | ||
NetApp SnapManager for Oracle | ||
NetApp SnapManager for SAP | ||
NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere | >=7.2 | |
NetApp Storage Replication Adapter for Clustered Data ONTAP | >=7.2 | |
NetApp StorageGRID Webscale | <=9.0.4 | |
NetApp VASA Provider | >=7.2 | |
NetApp VASA Provider | =6.0 | |
NetApp Virtual Storage Console for VMware vSphere | >=7.2 | |
NetApp Virtual Storage Console for VMware vSphere | =6.0 | |
Oracle Java SE 7 | =1.9.0.1 | |
Oracle JRE | =1.9.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-2627 is a vulnerability in the Java SE component of Oracle Java SE, specifically in the Installer subcomponent.
Java SE versions 8u152 and 9.0.1 are affected by CVE-2018-2627.
CVE-2018-2627 has a severity level of 7.5 (high).
An attacker with low privileges and access to the infrastructure where Java SE executes can exploit CVE-2018-2627.
Yes, you can find references for CVE-2018-2627 at the following links: [Oracle Security Advisory](http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html), [SecurityFocus](http://www.securityfocus.com/bid/102584), [SecurityTracker](http://www.securitytracker.com/id/1040203).