CVE-2018-2972

Name of the Vulnerable Software and Affected Versions Java SE version 10.0.1

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, resulting in unauthorized access to critical data or complete access to all Java SE accessible data. This can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component, such as through a web service. It applies to both client and server deployments of Java.

Recommendations For Java SE version 10.0.1, consider disabling the use of sandboxed Java Web Start applications and sandboxed Java applets until a patch is available. Restrict access to APIs in the specified component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.