5.8

CVE-2019-2977

EPSS 0.87%
Veröffentlicht 16.10.2019 18:15:32
Zuletzt bearbeitet 21.11.2024 04:41:54
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Jdk Version11.0.4

Oracle ≫ Jdk Version13.0.0

Oracle ≫ Jre Version11.0.4

Oracle ≫ Jre Version13.0.0

Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.50.2

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Unified Manager Version-

Netapp ≫ E-series Santricity Web Services Proxy Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Snapmanager Version- SwPlatformoracle

Netapp ≫ Snapmanager Version- SwPlatformsap

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.743

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

https://security.netapp.com/advisory/ntap-20191017-0001/

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

https://seclists.org/bugtraq/2019/Oct/31

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4223-1/

https://www.debian.org/security/2019/dsa-4546

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3135

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-2977

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-2977

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-2977

EUVD