CVE-2018-3211

Name of the Vulnerable Software and Affected Versions Java SE versions 8u182 and 11 Java SE Embedded version 8u181

Description The issue is related to insufficient access control in the Serviceability component of Java SE and Java SE Embedded. It can be exploited by a low-privileged attacker with logon to the infrastructure where Java SE or Java SE Embedded executes, allowing them to compromise Java SE or Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or all accessible data. This issue applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Java SE versions 8u182 and 11, consider disabling the Java Usage Tracker functionality until a patch is available. For Java SE Embedded version 8u181, consider disabling the Java Usage Tracker functionality until a patch is available. As a temporary workaround, restrict access to sensitive data and ensure that only trusted code is executed on the infrastructure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.