CVE-2017-10293

Name of the Vulnerable Software and Affected Versions Java SE versions 6u161, 7u151, 8u144 and 9

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Java SE, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some of Java SE accessible data, as well as unauthorized read access to a subset of Java SE accessible data. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets.

Recommendations For Java SE version 6u161, update to a version that fixes this issue. For Java SE version 7u151, update to a version that fixes this issue. For Java SE version 8u144, update to a version that fixes this issue. For Java SE version 9, update to a version that fixes this issue. As a temporary workaround, consider restricting the use of Java Web Start applications or sandboxed Java applets that load and run untrusted code until a patch is available.