PT-2019-3416 · Oracle · Java SE Embedded
Published: 2019-07-16 · Updated: 2024-06-15
CVE-2019-2786
CVSS v3.1: 3.4 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Java SE versions 8u212, 11.0.3, and 12.0.1
Java SE Embedded version 8u211
Description
The issue is related to inadequate access control in the Security component of Java SE and Java SE Embedded. Exploitation of this issue can allow an unauthenticated attacker with network access to compromise Java SE or Java SE Embedded, resulting in unauthorized read access to a subset of accessible data. The vulnerability can be exploited through APIs in the specified component, for example, through a web service that supplies data to the APIs. Successful attacks require human interaction from a person other than the attacker.
Recommendations
For Java SE versions 8u212, 11.0.3, and 12.0.1, consider restricting access to the Security component until a patch is available.
For Java SE Embedded version 8u211, consider disabling the use of APIs in the Security component as a temporary workaround.
As a general mitigation measure, avoid using Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, until the issue is resolved.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
IBM AIX
Java Platform
Java SE
Java SE Embedded
Red Hat
SUSE
Ubuntu