CVE-2019-2816
Summary
| CVE | CVE-2019-2816 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-23 23:15:00 UTC |
| Updated | 2022-10-06 18:47:00 UTC |
| Description | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Hp | Xp7 Command View | All | All | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | - | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_1 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_2 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_3 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.10.0 | update_4 | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.9.0 | All | All | All |
| Application | Mcafee | Epolicy Orchestrator | 5.9.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Application | Oracle | Jdk | 1.7.0 | update221 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update211 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update212 | All | All |
| Application | Oracle | Jdk | 11.0.3 | All | All | All |
| Application | Oracle | Jdk | 12.0.1 | All | All | All |
| Application | Oracle | Jdk | 1.7.0 | update221 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update211 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update212 | All | All |
| Application | Oracle | Jdk | 11.0.3 | All | All | All |
| Application | Oracle | Jdk | 12.0.1 | All | All | All |
| Application | Oracle | Jre | 1.7.0 | update221 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_221 | All | All |
| Application | Oracle | Jre | 1.8.0 | update211 | All | All |
| Application | Oracle | Jre | 1.8.0 | update212 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_211 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_212 | All | All |
| Application | Oracle | Jre | 11.0.3 | All | All | All |
| Application | Oracle | Jre | 12.0.1 | All | All | All |
| Application | Oracle | Jre | 1.7.0 | update_221 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_211 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_212 | All | All |
| Application | Oracle | Jre | 11.0.3 | All | All | All |
| Application | Oracle | Jre | 12.0.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 8.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Satellite | 5.8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-4080-1: OpenJDK 8 vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| [security-announce] openSUSE-SU-2019:1912-1: important: Security update | SUSE | lists.opensuse.org | |
| Document Display | HPE Support Center | CONFIRM | support.hpe.com | |
| [SECURITY] [DLA 1886-1] openjdk-7 security update | MLIST | lists.debian.org | |
| Oracle Critical Patch Update Advisory - July 2019 | MISC | www.oracle.com | Patch, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| [security-announce] openSUSE-SU-2019:1916-1: important: Security update | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| McAfee Security Bulletin - ePolicy Orchestrator update fixes Java vulnerabilities (CVE-2019-2745, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2816, and CVE-2019-2842) | CONFIRM | kc.mcafee.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-4083-1: OpenJDK 11 vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 20339 IBM DB2 Multiple Vulnerabilities (1073908)
- 375626 IBM Cognos Analytics Multiple Vulnerabilities (6451705)
- 375809 Azul Java Multiple Vulnerabilities Security Update July 2019
- 375978 Amazon Corretto Critical Patch Update (JUL2019)
- 377275 Alibaba Cloud Linux Security Update for java-1.7.0-openjdk (ALINUX2-SA-2019:0043)
- 377464 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX2-SA-2019:0042)
- 377537 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX2-SA-2019:0041)
- 378107 Virtuozzo Linux Security Update for java-1.8.0-openjdk-demo (VZLSA-2019:1811)
- 378142 Virtuozzo Linux Security Update for java-1.8.0-openjdk-debug (VZLSA-2019:1811)
- 378180 Virtuozzo Linux Security Update for java-1.7.0-openjdk-headless (VZLSA-2019:1839)
- 378181 Virtuozzo Linux Security Update for java-1.8.0-openjdk-javadoc-zip (VZLSA-2019:1815)
- 501210 Alpine Linux Security Update for openjdk7
- 501219 Alpine Linux Security Update for openjdk8
- 502139 Alpine Linux Security Update for openjdk11