CVE-2019-2949

Published: Oct 16, 2019Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 4.0

Source: NVD

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

Affected (36)

Products: Oracle: Jdk, Jre · Debian: Debian Linux · Netapp: E Series Santricity Os Controller, E Series Santricity Storage Manager, E Series Santricity Unified Manager, E Series Santricity Web Services Proxy, Oncommand Workflow Automation, Snapmanager · +4 more

Show all products

2 products

1 product

6 products

E Series Santricity Os Controller

E Series Santricity Storage Manager

E Series Santricity Unified Manager

E Series Santricity Web Services Proxy

Oncommand Workflow Automation

Snapmanager

Redhat

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.7.0 update231
Oracle Jdk	Version 1.8.0 update221
Oracle Jdk	Version 11.0.4
Oracle Jdk	Version 13.0.0
Oracle Jre	Version 1.7.0 update231
Oracle Jre	Version 1.8.0 update221
Oracle Jre	Version 11.0.4
Oracle Jre	Version 13.0.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Netapp E Series Santricity Os Controller	From 11.0.0 to 11.50.2
Netapp E Series Santricity Storage Manager	All versions
Netapp E Series Santricity Unified Manager	All versions
Netapp E Series Santricity Web Services Proxy	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Snapmanager	All versions
Netapp Snapmanager	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Configuration F

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration G

9 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	Version 5.10.0
Mcafee Epolicy Orchestrator	Version 5.10.0 update_1
Mcafee Epolicy Orchestrator	Version 5.10.0 update_2
Mcafee Epolicy Orchestrator	Version 5.10.0 update_3
Mcafee Epolicy Orchestrator	Version 5.10.0 update_4
Mcafee Epolicy Orchestrator	Version 5.10.0 update_5
Mcafee Epolicy Orchestrator	Version 5.10.0 update_6
Mcafee Epolicy Orchestrator	Version 5.9.0
Mcafee Epolicy Orchestrator	Version 5.9.1