Home > Vulnerability Database > CVE-2017-10102

Mend.io Vulnerability Database

CVE-2017-10102

Date: August 8, 2017

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Language: Unix

Severity Score

9.0

Related Resources (21)

Url: http://www.securityfocus.com/bid/99712

Url: http://www.debian.org/security/2017/dsa-3919

Url: https://security.netapp.com/advisory/ntap-20170720-0001/

Url: https://access.redhat.com/errata/RHSA-2017:2481

Url: https://access.redhat.com/errata/RHSA-2017:1790

Url: https://access.redhat.com/errata/RHSA-2017:3453

Url: https://access.redhat.com/errata/RHSA-2017:1792

Url: https://access.redhat.com/errata/RHSA-2017:1791

Url: https://cert.vde.com/en-us/advisories/vde-2017-002

Url: https://access.redhat.com/errata/RHSA-2017:2530

Url: https://access.redhat.com/errata/RHSA-2017:2469

Url: https://access.redhat.com/errata/RHSA-2017:2424

Url: http://www.securitytracker.com/id/1038931

Url: https://access.redhat.com/errata/RHSA-2017:1789

Url: https://security.gentoo.org/glsa/201709-22

Url: http://www.debian.org/security/2017/dsa-3954

Url: https://access.redhat.com/security/cve/CVE-2017-10102

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-10102

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Url: https://security-tracker.debian.org/tracker/CVE-2017-10102

Url: https://www.mend.io/vulnerability-database/CVE-2017-10102

Severity Score

9.0

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-10102

Date: August 8, 2017

Language: Unix

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?