CVE-2019-2699 — Corporation Java vulnerability

4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java Oracle JDK Oracle JRE

Timeline

PublishedApr 23

Latest updateMay 24

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, …

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5oracle_corporation/javaJava SE: 8u202

▶NVDoracle/jdk1.8.0

▶NVDoracle/jre1.8.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-xwm4-mmfg-2v6c: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL)↗2022-05-24

▶

CVEList

CVE-2019-2699: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL)↗2019-04-23

▶

📋Vendor Advisories

Debian

CVE-2019-2699: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows ...↗2019

▶