5.8
CVSSv2

CVE-2019-2816

Published: 23/07/2019 Updated: 31/07/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A vulnerability in the Networking subcomponent of the Java SE, Java SE Embedded component of Oracle Java SE could allow an unauthenticated, remote malicious user to perform unauthorized data access operations on a targeted system. The vulnerability is due to improper input validation that is performed by the affected software. An attacker with network access to the system through multiple protocols could exploit the vulnerability by sending network packets that are designed to submit malicious input to the affected software. A successful exploit could allow the malicious user to perform unauthorized update, insert or delete operations on sensitive data. Oracle confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleJdk1.7.0, 1.8.0, 11.0.3, 12.0.1
OracleJre1.7.0, 1.8.0, 11.0.3, 12.0.1

Vendor Advisories

Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: java-171-ibm security update Type/Severity Security Advisory: Important Topic An update for java-171-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-170-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-170-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis Moderate: java-11-openjdk security update Type/Severity Security Advisory: Moderate Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Topic An update for java-180-ibm is now available for Red Hat Satellite 58Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Several security issues were fixed in OpenJDK 11 ...
Several security issues were fixed in OpenJDK ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the oldstable distribution (stretch), these problems have been fixed in version 8u222-b10-1~deb9u1 We r ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions In addition the implementation of elliptic curve cryptography was modernised For the stable distribution (buster), these problems have been fixed in version 1104+11-1~deb10u1 We reco ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4100 to 4103 These issues were disclosed as part of the IBM Java SDK updates in July 2019 There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Syste ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4100 – 4101 These issues were disclosed as part of the IBM Java SDK updates in July 2019 There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Sy ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Cloud Private IBM Cloud Private has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 701040 and Version 80535 used by Rational Functional Tester (RFT) versions 860 – 8606 and versions 8607 – 95 RFT has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by IBM Operational Decision Manager (ODM) These issues were disclosed as part of the IBM Java SDK updates in Apr 2019 and July 2019 ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Supported versions that are affected are Java SE: 7u221, 8u212, 1103 and 1201; Java SE Embedded: 8u211 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE E ...
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 71, 8 used by AIX AIX has addressed the applicable CVEs ...
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 701045 and earlier, 71445 and earlier, 80537 and earlier used by IBM® Db2® These issues were disclosed as part of the IBM Java SDK updates in July 2019 ...
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI) Supported versions that are affected are Java SE: 7u211, 8u202, 1102 and 12; Java SE Embedded: 8u201 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded ...
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786 ) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769 ) libpng: png_image_free in pngc in libpng has a use-after-free because png_image_free_function is called under png_safe_execute (CV ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions – Robotic Response Time These issues were disclosed as part of the IBM Java SDK updates in July 2019 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 701050 used by IBM Cloud Manager with OpenStack IBM Cloud Manager with OpenStack has addressed the applicable CVEs These issues were disclosed as part of the IBM® Runtime Environment Java™ updates in July 2019 ...
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 701035 used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the applicable CVEs These issues were also addressed by IBM WebSphere Application Server shipped with IBM Cloud Orches ...
Java SE issues disclosed in the Oracle July 2019 Critical Patch Update, plus four additional vulnerabilities ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version These ...
Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842, CVE-2019-7317 Affected products and versions are listed below Please upgrade your version to the appropriate version, or apply t ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4485-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4486-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff July 21, 2019 wwwdebianorg/security/faq ...

Github Repositories

Scan Docker Image This script purpose is to scan Docker images for vulnerabilities Get a token: microscanneraquaseccom/signup Usage: SCANNER_TOKEN=<TOKEN> SCANNER_IMAGE=jboss/keycloak:601 /docker-scansh --silent Sample output: { "scan_started": { "seconds": 1563490473, "nanos": 733846066 }, "scan_dura