CVE-2019-2684 : Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published 2019-04-23 19:32:55

Updated 2022-10-06 17:54:11

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2019-2684

HP » Xp7 Command View » Advanced Edition
Versions before (<) 8.6.5-00
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.11
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 8.5.0 and up to, including, (<=) 8.5.47
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 7.0.0 and up to, including, (<=) 7.0.97
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat
Versions from including (>=) 9.0.1 and up to, including, (<=) 9.0.28
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone1
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone10
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone11
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone12
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone13
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone14
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone15
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone16
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone17
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone18
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone19
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone2
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone20
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone21
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone22
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone23
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone24
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone25
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone26
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone27
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone3
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone4
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone5
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone6
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone7
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone8
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
Matching versions
Apache » Tomcat » Version: 9.0.0 Update Milestone9
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
Matching versions
Apache » Cassandra
Versions from including (>=) 3.11.0 and before (<) 3.11.8
cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
Matching versions
Apache » Cassandra
Versions from including (>=) 2.1.0 and before (<) 2.1.22
cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
Matching versions
Apache » Cassandra
Versions from including (>=) 2.2.0 and before (<) 2.2.18
cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
Matching versions
Apache » Cassandra
Versions from including (>=) 3.0.0 and before (<) 3.0.22
cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
Matching versions
Apache » Cassandra » Version: 4.0.0 Update Beta1
cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update211
cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 11.0.2
cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update202
cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 12
cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update201
cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 11.0.2
cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 12
cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update202
cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update211
cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update201
cpe:2.3:a:oracle:jre:1.8.0:update201:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Leap » Version: 42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-2684

Top countries where our scanners detected CVE-2019-2684

Top open port discovered on systems with this issue 80

IPs affected by CVE-2019-2684 312,056

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-2684!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-2684

EPSS FAQ

2.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2684

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2019-2684

https://access.redhat.com/errata/RHSA-2019:1146

RHSA-2019:1146 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html

[SECURITY] [DLA 1782-1] openjdk-7 security update
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7@%3Cuser.cassandra.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html

[security-announce] openSUSE-SU-2019:1327-1: moderate: Security update f
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152@%3Cuser.cassandra.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Oracle Critical Patch Update - April 2019
Patch;Vendor Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E

svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/ - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

[security-announce] openSUSE-SU-2019:1438-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2020/09/01/4

oss-security - CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/ - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7@%3Cusers.tomcat.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1238

RHSA-2019:1238 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3975-1/

USN-3975-1: OpenJDK vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://support.f5.com/csp/article/K11175903?utm_source=f5support&utm_medium=RSS

Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1166

RHSA-2019:1166 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2019/dsa-4453

Debian -- Security Information -- DSA-4453-1 openjdk-8
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/ - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

[security-announce] openSUSE-SU-2019:1500-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHBA-2019:0959

RHBA-2019:0959 - Bug Fix Advisory - Red Hat Customer Portal
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E

svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/ - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108@%3Cannounce.apache.org%3E

[SECURITY] CVE-2019-12418 Local Privilege Escalation - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152@%3Cdev.cassandra.apache.org%3E

CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability - Pony Mail
Mailing List;Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1165

RHSA-2019:1165 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

[security-announce] openSUSE-SU-2019:1439-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2019/May/75

Bugtraq: [SECURITY] [DSA 4453-1] openjdk-8 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce@%3Cuser.cassandra.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67@%3Cannounce.tomcat.apache.org%3E

[SECURITY] CVE-2019-12418 Local Privilege Escalation - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17@%3Cdev.tomcat.apache.org%3E

[SECURITY] CVE-2019-12418 Local Privilege Escalation - Pony Mail
Mailing List;Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

HPESBST03959 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201908-10

Oracle JDK/JRE: Multiple vulnerabilities (GLSA 201908-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1325

RHSA-2019:1325 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063@%3Cdev.tomcat.apache.org%3E

svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml - Pony Mail
Mailing List;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1164

RHSA-2019:1164 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc@%3Cuser.cassandra.apache.org%3E

Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1518

RHSA-2019:1518 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1163

RHSA-2019:1163 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2684

Products affected by CVE-2019-2684

Threat overview for CVE-2019-2684

Exploit prediction scoring system (EPSS) score for CVE-2019-2684

CVSS scores for CVE-2019-2684

References for CVE-2019-2684