Last Updated on 24/Apr/2018
Description
Oracle has announced a critical vulnerability (CVE-2018-2783/CVE-2018-2794) exists in following Oracle Java SE versions:
- Oracle Java SE 8 Update 162
- Oracle Java SE 7 Update 171
- Oracle Java SE 6 Update 181
- Oracle Java SE Embedded 8 Update 161
- Oracle Java SE Embedded 8 Update 152
For more details, please refer to following articles:
Potential Impact
SVF and SPA Products:
Following products and versions may be affected by CVE-2018-2783 and CVE-2018-2794.
Product Name | Version | Server | Client |
SVFX-Designer | 8.2 to 9.2 | n/a | v |
SVF Web Designer | 9.2 | v | n/a |
SVF Java Products | 8.2 to 9.2 | v | n/a |
Report Director Enterprise | 8.2 to 9.2 | v | n/a |
Universal Connect/X | 8.2 to 9.2 | v | n/a |
SVF Connect for Java API | 8.1 to 9.2 | v | v |
SPA | 9.2 to 9.3 | v | n/a |
SVF PDF Loader | 9.2 | v | n/a |
Dr. Sum Products:
Dr. Sum, Dr. Sum EA, Datalizer and TextOLAP are not affected when severity rating is 7.0 (high) or higher in CVSS v2.0 Rating. Dr. Sum EA Connect and Dr. Sum Connect are still under investigation.
MotionBoard Products:
MotionBoard products are not affected when severity rating is 7.0 (high) or higher in CVSS v2.0 Rating.
Solution
Oracle has no longer provided any patch update for Java6 and Java7 in public. We recommend you apply the latest Service Pack for SVF products which support Java 8 (Java 8 Update 163) or higher. Please contact us for more details.
Comments
0 comments
Please sign in to leave a comment.