CVE-2019-2999 — Cross-site Scripting in Corporation Java
Severity
4.7MEDIUMNVD
EPSS
1.3%
top 20.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Latest updateMay 24
Description
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vuln…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7
Affected Packages9 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.04, 19.10, Enterprise Linux 8.0, 7.7, 8.1, 8.6
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-93p8-mvm4-c85w: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc)↗2022-05-24
CVEList▶
CVE-2019-2999: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc)↗2019-10-16
OSV▶
CVE-2019-2999: Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc)↗2019-10-16