CVE-2019-2699

Name of the Vulnerable Software and Affected Versions Oracle Java SE version 8u202

Description The issue is related to a vulnerability in the Java SE component, specifically the Windows DLL subcomponent. This vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Although the vulnerability is in Java SE, attacks may have a significant impact on additional products. Successful attacks can result in the takeover of Java SE. The vulnerability applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security. It can also be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs.

Recommendations For Oracle Java SE version 8u202, consider disabling the use of untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available. Restrict access to APIs in the Windows DLL component to minimize the risk of exploitation. Avoid using the affected Java SE component in clients that rely on the Java sandbox for security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.