CVE-2018-2940
First published: Tue Jul 17 2018(Updated: )
Oracle Java SE 6u201, 7u191, 8u181, and 10.0.2 fixes an unspecified vulnerability in the Libraries component (<a href="https://access.redhat.com/security/cve/CVE-2018-2940">CVE-2018-2940</a>). Upstream has CVSS scored this issue as: 4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N External Reference: <a href="http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA">http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA</a>
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-oracle-1:1.7.0.191-1jpp.1.el6 | 1.7.0-oracle-1:1.7.0.191-1jpp.1.el6 |
| redhat/java | <1.8.0-oracle-1:1.8.0.181-1jpp.2.el6 | 1.8.0-oracle-1:1.8.0.181-1jpp.2.el6 |
| redhat/java | <1.6.0-sun-1:1.6.0.211-1jpp.1.el6 | 1.6.0-sun-1:1.6.0.211-1jpp.1.el6 |
| redhat/java | <1.8.0-oracle-1:1.8.0.181-1jpp.2.el7 | 1.8.0-oracle-1:1.8.0.181-1jpp.2.el7 |
| redhat/java | <1.7.0-oracle-1:1.7.0.191-1jpp.2.el7 | 1.7.0-oracle-1:1.7.0.191-1jpp.2.el7 |
| redhat/java | <1.6.0-sun-1:1.6.0.211-1jpp.1.el7 | 1.6.0-sun-1:1.6.0.211-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10 | 1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.30-1jpp.2.el6_10 | 1.7.1-ibm-1:1.7.1.4.30-1jpp.2.el6_10 |
| redhat/java | <1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el7 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.30-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.4.30-1jpp.1.el7 |
| Oracle JDK | =1.6.0-update191 | |
| Oracle JDK | =1.7.0-update181 | |
| Oracle JDK | =1.8.0-update172 | |
| Oracle JDK | =10.0.1 | |
| Oracle JRE | =1.6.0-update191 | |
| Oracle JRE | =1.7.0-update181 | |
| Oracle JRE | =1.8.0-update172 | |
| Oracle JRE | =10.0.1 | |
| Hp Xp7 Command View | ||
| Redhat Satellite | =5.6 | |
| Redhat Satellite | =5.7 | |
| Redhat Satellite | =5.8 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| Netapp Cloud Backup | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.1 | |
| Netapp E-series Santricity Storage Manager | ||
| NetApp OnCommand Insight | ||
| Netapp Oncommand Unified Manager | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Plug-in For Symantec Netbackup | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Storage Replication Adapter For Clustered Data Ontap Vmware Vsphere | >=9.7 | |
| Netapp Vasa Provider For Clustered Data Ontap | >=9.7 | |
| Netapp Virtual Storage Console Vmware Vsphere | >=9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/104768
- http://www.securitytracker.com/id/1041302
- https://access.redhat.com/errata/RHSA-2018:2253
- https://access.redhat.com/errata/RHSA-2018:2254
- https://access.redhat.com/errata/RHSA-2018:2255
- https://access.redhat.com/errata/RHSA-2018:2256
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2712
- https://access.redhat.com/errata/RHSA-2018:2713
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3008
- https://security.netapp.com/advisory/ntap-20180726-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us
- https://access.redhat.com/security/cve/CVE-2018-2940
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA
- https://bugzilla.redhat.com/show_bug.cgi?id=1602146
- https://www.cve.org/CVERecord?id=CVE-2018-2940 https://nvd.nist.gov/vuln/detail/CVE-2018-2940 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2018-2940?
The severity of CVE-2018-2940 is medium.
Which software versions are affected by CVE-2018-2940?
Affected software versions are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171.
How can an attacker exploit CVE-2018-2940?
An unauthenticated attacker with network access can easily exploit CVE-2018-2940.
Where can I find more information about CVE-2018-2940?
You can find more information about CVE-2018-2940 at the following references: [Reference 1](https://access.redhat.com/security/cve/CVE-2018-2940), [Reference 2](http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA), [Reference 3](https://access.redhat.com/errata/RHSA-2018:2254).
What is the remedy for CVE-2018-2940?
The remedy for CVE-2018-2940 is to update to the following versions: Java SE: 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded: 8u171.
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-2940
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.6.0-update191
- version/oracle jdk/1.7.0-update181
- version/oracle jdk/1.8.0-update172
- version/oracle jdk/10.0.1
- canonical/oracle jre
- version/oracle jre/1.6.0-update191
- version/oracle jre/1.7.0-update181
- version/oracle jre/1.8.0-update172
- version/oracle jre/10.0.1
- vendor/hp
- canonical/hp xp7 command view
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/5.6
- version/redhat satellite/5.7
- version/redhat satellite/5.8
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp cloud backup
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.1
- canonical/netapp e-series santricity storage manager
- canonical/netapp oncommand insight
- canonical/netapp oncommand unified manager
- canonical/netapp oncommand workflow automation
- canonical/netapp plug-in for symantec netbackup
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp storage replication adapter for clustered data ontap vmware vsphere
- version/netapp storage replication adapter for clustered data ontap vmware vsphere/9.7
- canonical/netapp vasa provider for clustered data ontap
- version/netapp vasa provider for clustered data ontap/9.7
- canonical/netapp virtual storage console vmware vsphere
- version/netapp virtual storage console vmware vsphere/9.7