PT-2019-5422 · Oracle+3 · Java Se Embedded+5

Published

2019-07-23

·

Updated

2024-06-15

·

CVE-2019-2766

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 7u221, 8u212, 11.0.3, and 12.0.1 Java SE Embedded version 8u211 Eclipse OpenJ9 (affected versions not specified)
Description The issue is related to inadequate access control in the Java SE and Java SE Embedded components, allowing an unauthenticated attacker with network access to compromise the system and gain unauthorized read access to a subset of accessible data. This can be exploited through multiple protocols and requires human interaction from a person other than the attacker. The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by using APIs in the specified component.
Recommendations For Java SE versions 7u221, 8u212, 11.0.3, and 12.0.1, update to a version that contains the fix for this issue. For Java SE Embedded version 8u211, update to a version that contains the fix for this issue. For Eclipse OpenJ9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2020-02945
CVE-2019-2766
OPENSUSE-SU-2019:1912-1
OPENSUSE-SU-2019:1916-1
OPENSUSE-SU-2019_1912-1
OPENSUSE-SU-2019_1916-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10876-1
SUSE-SU-2019:14160-1
SUSE-SU-2019:14188-1
SUSE-SU-2019:2002-1
SUSE-SU-2019:2021-1
SUSE-SU-2019:2028-1
SUSE-SU-2019:2036-1
SUSE-SU-2019:2036-2
SUSE-SU-2019:2291-1
SUSE-SU-2019:2336-1
SUSE-SU-2019:2371-1
SUSE-SU-2019_14160-1

Affected Products

Eclipse Openj9
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Suse