CVE-2019-2540

Name of the Vulnerable Software and Affected Versions Java Advanced Management Console version 2.12

Description The issue is related to insufficient access control in the Java Advanced Management Console component of Oracle Java SE. It allows an unauthenticated attacker with network access via multiple protocols to compromise the Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The attacks can result in unauthorized update, insert, or delete access to some of the Java Advanced Management Console accessible data, as well as unauthorized read access to a subset of Java Advanced Management Console accessible data.

Recommendations For Java Advanced Management Console version 2.12, consider restricting access to the console to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the console to only necessary personnel and ensure that all users are aware of the potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.