CVE-2018-2911

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 8.3

CVSS2: 6.8

EPSS Низкий

Описание

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GlassFish Server accessible data as well as unauthorized access to critical data or complete access to all Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105618
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105618
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.0123

Низкий

8.3 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8gr7-xgqp-g6fh

CVSS3: 8.3

github

больше 3 лет назад

BDU:2019-00270

CVSS3: 8.3

fstec

около 7 лет назад

Уязвимость компонента Java Server Faces программной платформы Oracle GlassFish Server, позволяющая нарушителю модифицировать защищаемую информацию или вызвать отказ обслуживании

EPSS

Процентиль: 79%

0.0123

Низкий

8.3 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo