4.3

CVE-2019-2426

EPSS 0.22%
Veröffentlicht 16.01.2019 19:30:31
Zuletzt bearbeitet 21.11.2024 04:40:51
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.7.0 Updateupdate201

Oracle ≫ Jdk Version1.8.0 Updateupdate191

Oracle ≫ Jdk Version1.8.0 Updateupdate192

Oracle ≫ Jdk Version11.0.1

Oracle ≫ Jre Version1.7.0 Updateupdate201

Oracle ≫ Jre Version1.8.0 Updateupdate191

Oracle ≫ Jre Version1.8.0 Updateupdate192

Oracle ≫ Jre Version11.0.1

Netapp ≫ Oncommand Unified Manager

Netapp ≫ Oncommand Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Oncommand Unified Manager SwPlatformvmware_vsphere Version >= 9.4

Netapp ≫ Oncommand Workflow Automation

Netapp ≫ Snapmanager Version- SwPlatformoracle

Netapp ≫ Snapmanager Version- SwPlatformsap

Opensuse ≫ Leap Version42.3

Hp ≫ Xp7 Command View SwEditionadvanced Version < 8.6.4-00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://security.gentoo.org/glsa/201903-14

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20190118-0001/

Patch

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/106590

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-2426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-2426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-2426

EUVD