Oracle Java SE 8u191 and 11.0.1 fixes an unspecified vulnerability in the Serviceability component (CVE-2018-3211). Upstream has CVSS scored this issue as: 6.6/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N External Reference: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA
Oracle CPU also notes the following for this issue: This vulnerability can only be exploited when Java Usage Tracker functionality is being used. The Java Usage Tracker functionality is not enabled by default. More information about it can be found here: https://docs.oracle.com/javacomponents/usage-tracker/overview/toc.htm
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003