CVE-2018-2964

Name of the Vulnerable Software and Affected Versions Java SE versions 8u172 and 10.0.1 Eclipse OpenJ9 (affected versions not specified)

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, requiring human interaction from a person other than the attacker. Successful attacks may significantly impact additional products and can result in the takeover of Java SE. This vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security. It does not apply to Java deployments that load and run only trusted code, typically in servers.

Recommendations For Java SE versions 8u172 and 10.0.1, update to a version that contains a fix for this issue. For Eclipse OpenJ9, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the Java Attach API to prevent unauthorized access.