Lucene search

OracleCVE-2019-2894

HistoryOct 16, 2019 - 6:15 p.m.

CVE-2019-2894

2019-10-1618:15:26

oracle

web.nvd.nist.gov

286

cve-2019-2894

oracle

java se

vulnerability

security

unauthorized access

network access

java

cve

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.4

Confidence

High

EPSS

0.002

Percentile

52.0%

JSON

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

Nvd

Vulners

Node

oraclejdkMatch1.7.0update231

oraclejdkMatch1.8.0update221

oraclejdkMatch11.0.4

oraclejdkMatch13.0.0

oraclejreMatch1.7.0update231

oraclejreMatch1.8.0update221

oraclejreMatch11.0.4

oraclejreMatch13.0.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

mcafeeepolicy_orchestratorMatch5.9.0

mcafeeepolicy_orchestratorMatch5.9.1

mcafeeepolicy_orchestratorMatch5.10.0-

mcafeeepolicy_orchestratorMatch5.10.0update_1

mcafeeepolicy_orchestratorMatch5.10.0update_2

mcafeeepolicy_orchestratorMatch5.10.0update_3

mcafeeepolicy_orchestratorMatch5.10.0update_4

mcafeeepolicy_orchestratorMatch5.10.0update_5

mcafeeepolicy_orchestratorMatch5.10.0update_6

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

canonicalubuntu_linuxMatch19.10

VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update231:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update221:*:*:*:*:*:*
oraclejdk11.0.4cpe:2.3:a:oracle:jdk:11.0.4:*:*:*:*:*:*:*
oraclejdk13.0.0cpe:2.3:a:oracle:jdk:13.0.0:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update231:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update221:*:*:*:*:*:*
oraclejre11.0.4cpe:2.3:a:oracle:jre:11.0.4:*:*:*:*:*:*:*
oraclejre13.0.0cpe:2.3:a:oracle:jre:13.0.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update231::::::
oracle	jdk	1.8.0	cpe:2.3:a:oracle:jdk:1.8.0:update221::::::
oracle	jdk	11.0.4	cpe:2.3:a:oracle:jdk:11.0.4:::::::*
oracle	jdk	13.0.0	cpe:2.3:a:oracle:jdk:13.0.0:::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update231::::::
oracle	jre	1.8.0	cpe:2.3:a:oracle:jre:1.8.0:update221::::::
oracle	jre	11.0.4	cpe:2.3:a:oracle:jre:11.0.4:::::::*
oracle	jre	13.0.0	cpe:2.3:a:oracle:jre:13.0.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Rows per page:

1-10 of 251

CNA Affected

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 7u231, 8u221, 11.0.4, 13"
      },
      {
        "status": "affected",
        "version": "Java SE Embedded: 8u221"
      }
    ]
  }
]