Lucene search

[email protected]CVE-2019-2697

HistoryApr 23, 2019 - 7:32 p.m.

CVE-2019-2697

2019-04-2319:32:56

[email protected]

web.nvd.nist.gov

281

oracle

java se

cve-2019-2697

vulnerability

network access

unauthenticated attacker

compromise

takeover

java deployments.

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

NVD

Node

oraclejdkMatch1.7.0update211

oraclejdkMatch1.8.0update202

oraclejreMatch1.7.0update211

oraclejreMatch1.8.0update202

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

canonicalubuntu_linuxMatch19.04

Node

redhatsatelliteMatch5.8

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

hpxp7_command_viewRange<8.6.5-00advanced

CPENameOperatorVersion
oracle:jdkoracle jdkeq1.7.0
oracle:jdkoracle jdkeq1.8.0
oracle:jreoracle jreeq1.7.0
oracle:jreoracle jreeq1.8.0

CPE	Name	Operator	Version
oracle:jdk	oracle jdk	eq	1.7.0
oracle:jdk	oracle jdk	eq	1.8.0
oracle:jre	oracle jre	eq	1.7.0
oracle:jre	oracle jre	eq	1.8.0

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u211, 8u202"
      }
    ]
  }
]