CVE-2019-2949

Name of the Vulnerable Software and Affected Versions Java SE versions 7u231, 8u221, 11.0.4, and 13 Java SE Embedded version 8u221

Description The issue allows an unauthenticated attacker with network access via Kerberos to compromise Java SE and Java SE Embedded, potentially resulting in unauthorized access to critical data or complete access to all accessible data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component.

Recommendations For Java SE versions 7u231, 8u221, 11.0.4, and 13, update to a version that fixes this issue. For Java SE Embedded version 8u221, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Kerberos component until a patch is available. Avoid using APIs in the Kerberos component that may be vulnerable to exploitation until the issue is resolved.