#VU17051 Information disclosure in Java SE Embedded and Oracle Java SE - CVE-2019-2422

Cybersecurity Help s.r.o.

Published: 2019-01-17 | Updated: 2019-04-09

Vulnerability identifier: #VU17051

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-2422

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Java SE Embedded
Universal components / Libraries / Software for developers
Oracle Java SE
Universal components / Libraries / Software for developers

Vendor: Oracle

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unspecified flaw in Libraries component. A remote attacker can gain access to sensitive information on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Java SE Embedded: 8u191

Oracle Java SE: 7u201, 8u192, 11.0.1

External links
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)

Multiple vulnerabilities in Dell EMC Search

Multiple vulnerabilities in Dell EMC Data Protection Advisor

Multiple vulnerabilities in Dell EMC Integrated Data Protection Appliance

OpenSUSE Linux update for java-1_7_0-openjdk

OpenSUSE Linux update for java-1_8_0-openjdk

Multiple vulnerabilities in IBM Cloud Transformation Advisor

Ubuntu update for OpenJDK 11

Ubuntu update for OpenJDK 7

Amazon Linux AMI update for java-1.7.0-openjdk