#VU17050 Information disclosure in Java SE Embedded and Oracle Java SE


Vulnerability identifier: #VU17050

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2426

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Java SE Embedded
Universal components / Libraries / Software for developers
Oracle Java SE
Universal components / Libraries / Software for developers

Vendor: Oracle

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unspecified flaw in Networking component. A remote attacker read arbitrary data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Java SE Embedded: 8u191

Oracle Java SE: 11.0.1, 8u192, 7u201

External links
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Tivoli System Automation Application Manager
Multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms
Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in Dell EMC Search
Multiple vulnerabilities in Dell EMC Data Protection Advisor
Multiple vulnerabilities in Dell EMC Integrated Data Protection Appliance
OpenSUSE Linux update for java-1_7_0-openjdk
OpenSUSE Linux update for java-1_8_0-openjdk
Multiple vulnerabilities in IBM Cloud Transformation Advisor
Multiple vulnerabilities in IBM Decision Optimization for IBM Cloud Private for Data (ICP4Data)