CVE-2019-2962

Published: Oct 16, 2019Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected (37)

Products: Oracle: Jdk, Jre · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation, Satellite · Netapp: E Series Santricity Os Controller, E Series Santricity Storage Manager, E Series Santricity Unified Manager, E Series Santricity Web Services Proxy, Oncommand Workflow Automation, Snapmanager · +3 more

Show all products

2 products

8 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Satellite

Netapp

6 products

E Series Santricity Os Controller

E Series Santricity Storage Manager

E Series Santricity Unified Manager

E Series Santricity Web Services Proxy

Oncommand Workflow Automation

1 product

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.7.0 update231
Oracle Jdk	Version 1.8.0 update221
Oracle Jdk	Version 11.0.4
Oracle Jdk	Version 13.0.0
Oracle Jre	Version 1.7.0 update231
Oracle Jre	Version 1.8.0 update221
Oracle Jre	Version 11.0.4
Oracle Jre	Version 13.0.0

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.6
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Satellite	Version 5.8

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Netapp E Series Santricity Os Controller	From 11.0.0 to 11.50.2
Netapp E Series Santricity Storage Manager	All versions
Netapp E Series Santricity Unified Manager	All versions
Netapp E Series Santricity Web Services Proxy	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Snapmanager	All versions
Netapp Snapmanager	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

References (44)

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: secalert_us@oracle.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2019:3134

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3135

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3136

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3157

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3158

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4109

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4110

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4113

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4115

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0006

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0046

Source: secalert_us@oracle.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Oct/27

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Oct/31

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191017-0001/

Source: secalert_us@oracle.com

Third Party Advisory

https://usn.ubuntu.com/4223-1/

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4546

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4548

Source: secalert_us@oracle.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html