PT-2018-15817 · Oracle+5 · Jrockit+7

Published: 2018-04-18 · Updated: 2024-06-15 · CVE-2018-2800

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Java SE versions 6u181, 7u171, and 8u162
JRockit version R28.3.17

Description

The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and JRockit. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of Java SE and JRockit accessible data, as well as unauthorized read access to a subset of Java SE and JRockit accessible data. This can be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets.

Recommendations

For Java SE versions 6u181, 7u171, and 8u162, update to a version that contains a fix for this issue. For JRockit version R28.3.17, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the RMI component until a patch is available. Avoid using untrusted Java Web Start applications or untrusted Java applets to minimize the risk of exploitation.

Related Identifiers

CESA-2018_1188
CESA-2018_1191
CESA-2018_1270
CESA-2018_1278
CVE-2018-2800
DSA-4185-1
DSA-4225-1
MGASA-2018-0218
OPENSUSE-SU-2018_1710-1
OPENSUSE-SU-2018_1719-1
OPENSUSE-SU-2024:10876-1
RHSA-2018:1188
RHSA-2018:1191
RHSA-2018:1201
RHSA-2018:1202
RHSA-2018:1203
RHSA-2018:1204
RHSA-2018:1205
RHSA-2018:1206
RHSA-2018:1270
RHSA-2018:1278
RHSA-2018:1721
RHSA-2018:1722
RHSA-2018:1723
RHSA-2018:1724
RHSA-2018:1974
RHSA-2018:1975
RHSA-2018_1188
RHSA-2018_1191
RHSA-2018_1201
RHSA-2018_1202
RHSA-2018_1203
RHSA-2018_1204
RHSA-2018_1205
RHSA-2018_1206
RHSA-2018_1270
RHSA-2018_1278
RHSA-2018_1721
RHSA-2018_1722
RHSA-2018_1723
RHSA-2018_1724
SUSE-SU-2018:1447-1
SUSE-SU-2018:1458-1
SUSE-SU-2018:1690-1
SUSE-SU-2018:1690-2
SUSE-SU-2018:1692-1
SUSE-SU-2018:1692-2
SUSE-SU-2018:1738-1
SUSE-SU-2018:1738-2
SUSE-SU-2018:1764-1
SUSE-SU-2018:1764-2
SUSE-SU-2018:1938-1
SUSE-SU-2018:1938-2
SUSE-SU-2018:2068-1
USN-3644-1
USN-3691-1

Affected Products

CentOS
IBM AIX
JRockit
Java Platform
Java SE
Red Hat
SUSE
Ubuntu