PT-2019-1858 · Oracle+5 · Java SE+6

Mateusz Jurczyk · Published 2019-04-16 · Updated 2024-06-15 · CVE-2019-2698

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Java SE versions 7u211 and 8u202

Description

The issue is related to insufficient access control in the Java SE 2D component, allowing a remote attacker to gain full control over the application. An unauthenticated attacker with network access via multiple protocols can exploit this vulnerability to compromise Java SE, potentially resulting in a takeover of Java SE. The vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations

For Java SE versions 7u211 and 8u202, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available.

Exploit

Fix

Improper Access Control

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2019-01510
BDU:2019-02461
CESA-2019_0774
CESA-2019_0775
CESA-2019_0790
CESA-2019_0791
CESA-2019_1146
CESA-2019_1238
CVE-2019-2698
DLA-1782-1
DSA-4453-1
MGASA-2019-0155
OPENSUSE-SU-2019:1438-1
OPENSUSE-SU-2019_1438-1
OPENSUSE-SU-2019_1439-1
OPENSUSE-SU-2019_1500-1
OPENSUSE-SU-2024:10876-1
RHSA-2019:0774
RHSA-2019:0775
RHSA-2019:0790
RHSA-2019:0791
RHSA-2019:1146
RHSA-2019:1163
RHSA-2019:1164
RHSA-2019:1165
RHSA-2019:1166
RHSA-2019:1238
RHSA-2019:1325
RHSA-2019_0774
RHSA-2019_0775
RHSA-2019_0790
RHSA-2019_0791
RHSA-2019_1146
RHSA-2019_1163
RHSA-2019_1164
RHSA-2019_1165
RHSA-2019_1166
RHSA-2019_1238
SUSE-SU-2019:1211-1
SUSE-SU-2019:1211-2
SUSE-SU-2019:1219-1
SUSE-SU-2019:1308-1
SUSE-SU-2019:1308-2
SUSE-SU-2019:1345-1
SUSE-SU-2019:1392-1
SUSE-SU-2019:14059-1
SUSE-SU-2019:1644-1
SUSE-SU-2019_14059-1
USN-3975-1

Affected Products

CentOS
IBM AIX
Java Platform
Java SE
Red Hat
SUSE
Ubuntu