PT-2019-3439 · Oracle +4 · Java SE +5

Nati Nimni · Published 2019-07-16 · Updated 2024-06-15 · CVE-2019-2842

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java SE version 8u212

Description

The issue is related to the Java SE component, specifically the JCE subcomponent, and is associated with inadequate access control. It allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, resulting in a partial denial of service. This issue affects Java deployments that load and run untrusted code, relying on the Java sandbox for security. It can be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs.

Recommendations

For Java SE version 8u212, consider disabling the use of the JCE component until a patch is available, or restrict access to APIs that could be used to exploit this issue. As a temporary workaround, avoid using web services that supply data to the APIs in the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2019-03610
CESA-2019_1811
CESA-2019_1815
CESA-2019_1816
CESA-2019_1839
CESA-2019_1840
CVE-2019-2842
DSA-4485-1
MGASA-2019-0241
OPENSUSE-SU-2019:1912-1
OPENSUSE-SU-2019_1912-1
OPENSUSE-SU-2024:10876-1
RHSA-2019:1811
RHSA-2019:1815
RHSA-2019:1816
RHSA-2019:1839
RHSA-2019:1840
RHSA-2019_1811
RHSA-2019_1815
RHSA-2019_1816
RHSA-2019_1839
RHSA-2019_1840
SUSE-SU-2019:2021-1
SUSE-SU-2019:2028-1
SUSE-SU-2019:2036-1
SUSE-SU-2019:2036-2
USN-4080-1

Affected Products

CentOS
Java Platform
Java SE
Red Hat
SUSE
Ubuntu