Description
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References (5)
Core 5
Core References
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20170720-0001/
Broken Link vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038931
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201709-22
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99809
Patch, Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Scores
CVSS v3
7.1
EPSS
0.0020
EPSS Percentile
41.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (27)
netapp/active_iq_unified_manager
7.3
netapp/active_iq_unified_manager
9.5
netapp/cloud_backup
netapp/e-series_santricity_os_controller
11.0 - 11.70.1
netapp/e-series_santricity_storage_manager
netapp/element_software
netapp/oncommand_balance
netapp/oncommand_insight
netapp/oncommand_performance_manager
netapp/oncommand_shift
... and 17 more
Published
Aug 08, 2017
Tracked Since
Feb 18, 2026