CVE-2019-2821: Improperly Implemented Security Check for Standard in Corporation Java

Severity
5.3 MEDIUM (NVD)
EPSS
1.3%
top 20.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 23
Latest update: May 24

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: T

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | oracle_corporation/java | Java SE: 11.0.3, 12.0.1
NVD | oracle/jdk | 11.0.3, 12.0.1 +1
NVD | oracle/jre | 11.0.3, 12.0.1 +1

Patches

🔴Vulnerability Details (3)

GHSA | GHSA-4664-6235-3f5j: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE) | 2022-05-24
OSV | CVE-2019-2821: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE) | 2019-07-23
CVEList | CVE-2019-2821: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE) | 2019-07-23

📋Vendor Advisories (3)

Ubuntu | OpenJDK 11 vulnerabilities | 2019-07-31
Red Hat | OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) | 2019-07-16
Debian | CVE-2019-2821: openjdk-11 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). S... | 2019

💬Community (1)

Bugzilla | CVE-2019-2821 OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) | 2019-07-16
CVE-2019-2821 — Oracle Corporation Java vulnerability | cvebase