PT-2019-6354 · Oracle+4 · Java Se+5
Keegan Ryan
·
Published
2019-07-16
·
Updated
2024-06-15
·
CVE-2019-2745
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Java SE versions 7u221, 8u212, and 11.0.3
Description
The issue is related to errors in security settings of the Java SE component. It allows an unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE, resulting in unauthorized access to critical data or complete access to all Java SE accessible data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component.
Recommendations
For Java SE version 7u221, update to a version that contains a fix for this issue.
For Java SE version 8u212, update to a version that contains a fix for this issue.
For Java SE version 11.0.3, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the Java sandbox and limiting the execution of untrusted code until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Java Platform
Java Se
Red Hat
Suse
Ubuntu