5.9

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJdk Version1.7.0 Updateupdate211
OracleJdk Version1.8.0 Updateupdate201
OracleJdk Version1.8.0 Updateupdate202
OracleJdk Version11.0.2
OracleJdk Version12
OracleJre Version1.7.0 Updateupdate211
OracleJre Version1.8.0 Updateupdate201
OracleJre Version1.8.0 Updateupdate202
OracleJre Version11.0.2
OracleJre Version12
RedhatSatellite Version5.8
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
RedhatEnterprise Linux Eus Version8.6
OpensuseLeap Version15.0
OpensuseLeap Version42.3
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
ApacheCassandra Version >= 2.1.0 < 2.1.22
ApacheCassandra Version >= 2.2.0 < 2.2.18
ApacheCassandra Version >= 3.0.0 < 3.0.22
ApacheCassandra Version >= 3.11.0 < 3.11.8
ApacheCassandra Version4.0.0 Updatebeta1
ApacheTomcat Version >= 7.0.0 <= 7.0.97
ApacheTomcat Version >= 8.5.0 <= 8.5.47
ApacheTomcat Version >= 9.0.1 <= 9.0.28
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone10
ApacheTomcat Version9.0.0 Updatemilestone11
ApacheTomcat Version9.0.0 Updatemilestone12
ApacheTomcat Version9.0.0 Updatemilestone13
ApacheTomcat Version9.0.0 Updatemilestone14
ApacheTomcat Version9.0.0 Updatemilestone15
ApacheTomcat Version9.0.0 Updatemilestone16
ApacheTomcat Version9.0.0 Updatemilestone17
ApacheTomcat Version9.0.0 Updatemilestone18
ApacheTomcat Version9.0.0 Updatemilestone19
ApacheTomcat Version9.0.0 Updatemilestone2
ApacheTomcat Version9.0.0 Updatemilestone20
ApacheTomcat Version9.0.0 Updatemilestone21
ApacheTomcat Version9.0.0 Updatemilestone22
ApacheTomcat Version9.0.0 Updatemilestone23
ApacheTomcat Version9.0.0 Updatemilestone24
ApacheTomcat Version9.0.0 Updatemilestone25
ApacheTomcat Version9.0.0 Updatemilestone26
ApacheTomcat Version9.0.0 Updatemilestone27
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone5
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version9.0.0 Updatemilestone7
ApacheTomcat Version9.0.0 Updatemilestone8
ApacheTomcat Version9.0.0 Updatemilestone9
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
HpXp7 Command View SwEditionadvanced Version < 8.6.5-00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.99% 0.762
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
https://access.redhat.com/errata/RHBA-2019:0959
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/May/75
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3975-1/
Third Party Advisory