Veracode Vulnerability DatabaseVERACODE:20906Side-channel Attack
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
openjdk is vulnerable to side-channel attack. An unknown difficult to exploit vulnerability allows an unauthenticated attacker with access to gain unauthorizaed access to critical system resources due to security risks arising from using deprecated functions within Elliptic Curve (EC) cryptography.
References
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
access.redhat.com/errata/RHSA-2019:1811
access.redhat.com/security/updates/classification/#moderate
kc.mcafee.com/corporate/index?page=content&id=SB10300
lists.debian.org/debian-lts-announce/2019/08/msg00020.html
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/4080-1/
Related
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N