CVE-2019-2698 : Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Sup

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published 2019-04-23 19:32:56

Updated 2022-08-12 18:03:12

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2019-2698

HP » Xp7 Command View » Advanced Edition
Versions before (<) 8.6.5-00
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.11
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update211
cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update202
cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update202
cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update211
cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Leap » Version: 42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-2698

Top countries where our scanners detected CVE-2019-2698

Top open port discovered on systems with this issue 53

IPs affected by CVE-2019-2698 56,742

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-2698!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-2698

EPSS FAQ

7.81%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2698

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2019-2698

https://access.redhat.com/errata/RHSA-2019:1146

RHSA-2019:1146 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html

[SECURITY] [DLA 1782-1] openjdk-7 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Oracle Critical Patch Update - April 2019
Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

[security-announce] openSUSE-SU-2019:1438-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1238

RHSA-2019:1238 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3975-1/

USN-3975-1: OpenJDK vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1166

RHSA-2019:1166 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2019/dsa-4453

Debian -- Security Information -- DSA-4453-1 openjdk-8
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

[security-announce] openSUSE-SU-2019:1500-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHBA-2019:0959

RHBA-2019:0959 - Bug Fix Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1165

RHSA-2019:1165 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

[security-announce] openSUSE-SU-2019:1439-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2019/May/75

Bugtraq: [SECURITY] [DSA 4453-1] openjdk-8 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

HPESBST03959 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201908-10

Oracle JDK/JRE: Multiple vulnerabilities (GLSA 201908-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1325

RHSA-2019:1325 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1164

RHSA-2019:1164 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1163

RHSA-2019:1163 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2698

Products affected by CVE-2019-2698

Threat overview for CVE-2019-2698

Exploit prediction scoring system (EPSS) score for CVE-2019-2698

CVSS scores for CVE-2019-2698

References for CVE-2019-2698