CVE-2019-2684

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Reserved 2018-12-14 | Published 2019-04-23 | Updated 2024-10-02 | Assigner oracle

Problem types

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.

Product status

Java SE: 7u211, 8u202, 11.0.2, 12
affected

Java SE Embedded: 8u201
affected

References

www.oracle.com/.../security-advisory/cpuapr2019-5072813.html

lists.opensuse.org/...ecurity-announce/2019-05/msg00007.html (openSUSE-SU-2019:1327) vendor-advisory

access.redhat.com/errata/RHBA-2019:0959 (RHBA-2019:0959) vendor-advisory

lists.debian.org/debian-lts-announce/2019/05/msg00011.html ([debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update) mailing-list

access.redhat.com/errata/RHSA-2019:1146 (RHSA-2019:1146) vendor-advisory

usn.ubuntu.com/3975-1/ (USN-3975-1) vendor-advisory

access.redhat.com/errata/RHSA-2019:1164 (RHSA-2019:1164) vendor-advisory

access.redhat.com/errata/RHSA-2019:1163 (RHSA-2019:1163) vendor-advisory

access.redhat.com/errata/RHSA-2019:1165 (RHSA-2019:1165) vendor-advisory

access.redhat.com/errata/RHSA-2019:1166 (RHSA-2019:1166) vendor-advisory

access.redhat.com/errata/RHSA-2019:1238 (RHSA-2019:1238) vendor-advisory

lists.opensuse.org/...ecurity-announce/2019-05/msg00059.html (openSUSE-SU-2019:1439) vendor-advisory

lists.opensuse.org/...ecurity-announce/2019-05/msg00058.html (openSUSE-SU-2019:1438) vendor-advisory

www.debian.org/security/2019/dsa-4453 (DSA-4453) vendor-advisory

seclists.org/bugtraq/2019/May/75 (20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update) mailing-list

lists.opensuse.org/...ecurity-announce/2019-06/msg00013.html (openSUSE-SU-2019:1500) vendor-advisory

access.redhat.com/errata/RHSA-2019:1325 (RHSA-2019:1325) vendor-advisory

access.redhat.com/errata/RHSA-2019:1518 (RHSA-2019:1518) vendor-advisory

security.gentoo.org/glsa/201908-10 (GLSA-201908-10) vendor-advisory

support.hpe.com/...cale=en_US&docId=emr_na-hpesbst03959en_us

lists.apache.org/...c07ff866bdcd6f17@ ([tomcat-dev] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation) mailing-list

lists.apache.org/...264885739508e68108@ ([announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation) mailing-list

lists.apache.org/...426d7493b67@ ([tomcat-announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation) mailing-list

lists.apache.org/...98be4e3af3e4c063@ ([tomcat-dev] 20191218 svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml) mailing-list

lists.apache.org/...f68df11b650ed7@ ([tomcat-users] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation) mailing-list

support.f5.com/...?utm_source=f5support&%3Butm_medium=RSS

lists.apache.org/...1247da2b7429d5d9@ ([tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...fa581a225834d97d@ ([tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...5578c3a2cbe5d19c@ ([tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...3d8106b115ee279a@ ([tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...53788099ea14caf0@ ([tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...57fb1fc641152@ ([cassandra-dev] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

lists.apache.org/...7fb1fc641152@ ([cassandra-user] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

www.openwall.com/lists/oss-security/2020/09/01/4 ([oss-security] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

lists.apache.org/...b8d4ca9be1ce@ ([cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

lists.apache.org/...95d999ff42f7@ ([cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

lists.apache.org/...cc4d355a9cfc@ ([cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability) mailing-list

cve.org (CVE-2019-2684)

nvd.nist.gov (CVE-2019-2684)

Download JSON