CVE-2019-2975

Name of the Vulnerable Software and Affected Versions Java SE versions 8u221, 11.0.4, and 13 Java SE Embedded version 8u221

Description A difficult to exploit vulnerability in the Scripting component of Java SE and Java SE Embedded allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded. Successful attacks can result in unauthorized update, insert, or delete access to some of the accessible data and the ability to cause a partial denial of service. This vulnerability applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Java SE versions 8u221, 11.0.4, and 13, consider disabling the Scripting component until a patch is available. For Java SE Embedded version 8u221, restrict access to the Scripting component to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of APIs in the Scripting component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.