CVE-2019-2766

Name of the Vulnerable Software and Affected Versions Java SE versions 7u221, 8u212, 11.0.3, and 12.0.1 Java SE Embedded version 8u211 Eclipse OpenJ9 (affected versions not specified)

Description The issue is related to inadequate access control in the Java SE and Java SE Embedded components, allowing an unauthenticated attacker with network access to compromise the system and gain unauthorized read access to a subset of accessible data. This can be exploited through multiple protocols and requires human interaction from a person other than the attacker. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by using APIs in the specified component.

Recommendations For Java SE versions 7u221, 8u212, 11.0.3, and 12.0.1, update to a version that contains the fix for this issue. For Java SE Embedded version 8u211, update to a version that contains the fix for this issue. For Eclipse OpenJ9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.