Lucene search

[email protected]NVD:CVE-2019-2684

HistoryApr 23, 2019 - 7:32 p.m.

CVE-2019-2684

2019-04-2319:32:55

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Affected configurations

NVD

Node

oraclejdkMatch1.7.0update211

oraclejdkMatch1.8.0update201

oraclejdkMatch1.8.0update202

oraclejdkMatch11.0.2

oraclejdkMatch12

oraclejreMatch1.7.0update211

oraclejreMatch1.8.0update201

oraclejreMatch1.8.0update202

oraclejreMatch11.0.2

oraclejreMatch12

Node

redhatopenshift_container_platformMatch3.11

redhatsatelliteMatch5.8

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_ausMatch8.6

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

opensuseleapMatch15.0

opensuseleapMatch42.3

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

apachecassandraRange2.1.0–2.1.22

apachecassandraRange2.2.0–2.2.18

apachecassandraRange3.0.0–3.0.22

apachecassandraRange3.11.0–3.11.8

apachecassandraMatch4.0.0beta1

apachetomcatRange7.0.0–7.0.97

apachetomcatRange8.5.0–8.5.47

apachetomcatRange9.0.1–9.0.28

apachetomcatMatch9.0.0milestone1

apachetomcatMatch9.0.0milestone10

apachetomcatMatch9.0.0milestone11

apachetomcatMatch9.0.0milestone12

apachetomcatMatch9.0.0milestone13

apachetomcatMatch9.0.0milestone14

apachetomcatMatch9.0.0milestone15

apachetomcatMatch9.0.0milestone16

apachetomcatMatch9.0.0milestone17

apachetomcatMatch9.0.0milestone18

apachetomcatMatch9.0.0milestone19

apachetomcatMatch9.0.0milestone2

apachetomcatMatch9.0.0milestone20

apachetomcatMatch9.0.0milestone21

apachetomcatMatch9.0.0milestone22

apachetomcatMatch9.0.0milestone23

apachetomcatMatch9.0.0milestone24

apachetomcatMatch9.0.0milestone25

apachetomcatMatch9.0.0milestone26

apachetomcatMatch9.0.0milestone27

apachetomcatMatch9.0.0milestone3

apachetomcatMatch9.0.0milestone4

apachetomcatMatch9.0.0milestone5

apachetomcatMatch9.0.0milestone6

apachetomcatMatch9.0.0milestone7

apachetomcatMatch9.0.0milestone8

apachetomcatMatch9.0.0milestone9

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

canonicalubuntu_linuxMatch19.04

Node

hpxp7_command_viewRange<8.6.5-00advanced

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

www.openwall.com/lists/oss-security/2020/09/01/4

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

access.redhat.com/errata/RHBA-2019:0959

access.redhat.com/errata/RHSA-2019:1146

access.redhat.com/errata/RHSA-2019:1163

access.redhat.com/errata/RHSA-2019:1164

access.redhat.com/errata/RHSA-2019:1165

access.redhat.com/errata/RHSA-2019:1166

access.redhat.com/errata/RHSA-2019:1238

access.redhat.com/errata/RHSA-2019:1325

access.redhat.com/errata/RHSA-2019:1518

lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E

lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E

lists.debian.org/debian-lts-announce/2019/05/msg00011.html

seclists.org/bugtraq/2019/May/75

security.gentoo.org/glsa/201908-10

support.f5.com/csp/article/K11175903?utm_source=f5support&amp%3Butm_medium=RSS

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

usn.ubuntu.com/3975-1/

www.debian.org/security/2019/dsa-4453

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for NVD:CVE-2019-2684

ibm54 veracode1 f52 cve2 cvelist2 alpinelinux1 prion2 debiancve1 kitploit1 redhatcve2 ubuntucve1 nessus61 tomcat3 centos5 osv4 oraclelinux7 redhat12 openvas25 github1 nvd1 suse2 amazon3 debian2 mageia1 ubuntu1 kaspersky1 aix1