PT-2019-3715 · Oracle+2 · Java Se Embedded+4

Published

2019-10-15

·

Updated

2024-06-15

·

CVE-2019-2933

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 7u231, 8u221, 11.0.4, and 13 Java SE Embedded version 8u221
Description The issue allows an unauthenticated attacker with network access to compromise Java SE and Java SE Embedded, resulting in unauthorized read access to a subset of accessible data. This requires human interaction from a person other than the attacker. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.
Recommendations For Java SE versions 7u231, 8u221, 11.0.4, and 13, consider disabling the use of APIs in the Libraries component until a patch is available. For Java SE Embedded version 8u221, restrict access to the Libraries component to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2019-03942
CVE-2019-2933
DLA-2023-1
OPENSUSE-SU-2019:2557-1
OPENSUSE-SU-2019:2565-1
OPENSUSE-SU-2019:2687-1
OPENSUSE-SU-2019_2557-1
OPENSUSE-SU-2019_2565-1
OPENSUSE-SU-2019_2687-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
SUSE-SU-2019:2998-1
SUSE-SU-2019:3083-1
SUSE-SU-2019:3084-1
SUSE-SU-2019:3238-1
SUSE-SU-2020:0001-1
SUSE-SU-2020:0024-1
SUSE-SU-2020:0025-1
SUSE-SU-2020:0051-1
SUSE-SU-2020:14263-1
SUSE-SU-2020:14265-1
SUSE-SU-2020_0051-1
SUSE-SU-2020_14263-1

Affected Products

Ibm Aix
Java Platform
Java Se
Java Se Embedded
Suse