CVE-2018-3214

Name of the Vulnerable Software and Affected Versions Java SE versions 6u201, 7u191, and 8u182 Java SE Embedded version 8u181 JRockit version R28.3.19

Description The issue is related to the Sound component of Oracle Java SE, Java SE Embedded, and JRockit, and is caused by inadequate access control. It allows an unauthenticated attacker with network access via multiple protocols to compromise the system, resulting in a partial denial of service (partial DOS). This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Java SE versions 6u201, 7u191, and 8u182, update to a version that contains a fix for this issue. For Java SE Embedded version 8u181, update to a version that contains a fix for this issue. For JRockit version R28.3.19, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Sound component until a patch is available. Avoid using APIs in the Sound component that may be vulnerable to exploitation until the issue is resolved.