PT-2019-3715 · Oracle+2 · Java Se Embedded+4

Publicado

2019-10-15

·

Atualizado

2024-06-15

·

CVE-2019-2933

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 7u231, 8u221, 11.0.4, and 13 Java SE Embedded version 8u221
Description The issue allows an unauthenticated attacker with network access to compromise Java SE and Java SE Embedded, resulting in unauthorized read access to a subset of accessible data. This requires human interaction from a person other than the attacker. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.
Recommendations For Java SE versions 7u231, 8u221, 11.0.4, and 13, consider disabling the use of APIs in the Libraries component until a patch is available. For Java SE Embedded version 8u221, restrict access to the Libraries component to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2019-03942
CVE-2019-2933
DLA-2023-1
OPENSUSE-SU-2019:2557-1
OPENSUSE-SU-2019:2565-1
OPENSUSE-SU-2019:2687-1
OPENSUSE-SU-2019_2557-1
OPENSUSE-SU-2019_2565-1
OPENSUSE-SU-2019_2687-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
SUSE-SU-2019:2998-1
SUSE-SU-2019:3083-1
SUSE-SU-2019:3084-1
SUSE-SU-2019:3238-1
SUSE-SU-2020:0001-1
SUSE-SU-2020:0024-1
SUSE-SU-2020:0025-1
SUSE-SU-2020:0051-1
SUSE-SU-2020:14263-1
SUSE-SU-2020:14265-1
SUSE-SU-2020_0051-1
SUSE-SU-2020_14263-1

Produtos afetados

Ibm Aix
Java Platform
Java Se
Java Se Embedded
Suse