1.9
CVSSv2

CVE-2019-2745

Published: 23/07/2019 Updated: 31/07/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.1 | Impact Score: 3.6 | Exploitability Score: 1.4
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in the Security subcomponent of the Java SE component of Oracle Java SE could allow a local malicious user to access sensitive information on a targeted system. The vulnerability is due to improper input validation that is performed by the affected software. An attacker with logon access to the infrastructure where Java SE executes could exploit the vulnerability by submitting malicious input to the affected software. A successful exploit could allow the malicious user to access sensitive information, which could be used to conduct additional attacks. Oracle confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleJdk1.7.0, 1.8.0, 11.0.3
OracleJre1.7.0, 1.8.0, 11.0.3

Vendor Advisories

Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Several security issues were fixed in OpenJDK ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the oldstable distribution (stretch), these problems have been fixed in version 8u222-b10-1~deb9u1 We r ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the stable distribution (buster), these problems have been fixed in version 1104+11-1~deb10u1 We reco ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI) Supported versions that are affected are Java SE: 7u211, 8u202, 1102 and 12; Java SE Embedded: 8u201 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded ...
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786 ) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769 ) libpng: png_image_free in pngc in libpng has a use-after-free because png_image_free_function is called under png_safe_execute (CV ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version These ...
Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply t ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4485-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4486-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...

Github Repositories

Scan Docker Image This script purpose is to scan Docker images for vulnerabilities Get a token: microscanneraquaseccom/signup Usage: SCANNER_TOKEN=<TOKEN> SCANNER_IMAGE=jboss/keycloak:601 /docker-scansh --silent Sample output: { "scan_started": { "seconds": 1563490473, "nanos": 733846066 }, "scan_dura