Improper access control in Java Advanced Management Console

#VU8879 Improper access control in Java Advanced Management Console

Published: 2017-10-18

Vulnerability identifier: #VU8879

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-10380

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Java Advanced Management Console
Client/Desktop applications / Other client software

Vendor: Oracle

Description
The vulnerability allows a remote attacker to access potentially sensitive information.

The weakness exists due to a flaw in the Server component. A remote attacker can partially read and modify arbitrary files on the target system.

Mitigation
The vulnerability is addressed in the following version: 8u151.

Vulnerable software versions

Java Advanced Management Console: 2.7

CPE

cpe:2.3:a:oracle:java_advanced_management_console:2.7:*:*:*:*:*:*:*

External links
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oracle Java Advanced Management Console