1.9
CVSSv2

CVE-2019-2745

Published: 23/07/2019 Updated: 31/07/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.1 | Impact Score: 3.6 | Exploitability Score: 1.4
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleJdk1.7.0, 1.8.0, 11.0.3
OracleJre1.7.0, 1.8.0, 11.0.3

Vendor Advisories

Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Several security issues were fixed in OpenJDK ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the oldstable distribution (stretch), these problems have been fixed in version 8u222-b10-1~deb9u1 We r ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the stable distribution (buster), these problems have been fixed in version 1104+11-1~deb10u1 We reco ...
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786 ) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769 ) libpng: png_image_free in pngc in libpng has a use-after-free because png_image_free_function is called under png_safe_execute (CV ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version These ...
Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply t ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4485-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4486-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...

Github Repositories

Scan Docker Image This script purpose is to scan Docker images for vulnerabilities Get a token: microscanneraquaseccom/signup Usage: SCANNER_TOKEN=<TOKEN> SCANNER_IMAGE=jboss/keycloak:601 /docker-scansh --silent Sample output: { "scan_started": { "seconds": 1563490473, "nanos": 733846066 }, "scan_dura