First published: Wed Jan 16 2019(Updated: )
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle JDK | =1.7.0-update201 | |
Oracle JDK | =1.8.0-update191 | |
Oracle JDK | =1.8.0-update192 | |
Oracle JDK | =11.0.1 | |
Oracle JRE | =1.7.0-update201 | |
Oracle JRE | =1.8.0-update191 | |
Oracle JRE | =1.8.0-update192 | |
Oracle JRE | =11.0.1 | |
Netapp Oncommand Unified Manager | ||
Netapp Oncommand Unified Manager Windows | >=7.3 | |
Netapp Oncommand Unified Manager Vmware Vsphere | >=9.4 | |
NetApp OnCommand Workflow Automation | ||
Netapp Snapmanager Oracle | ||
Netapp Snapmanager Sap | ||
openSUSE Leap | =42.3 | |
Hp Xp7 Command View | <8.6.4-00 | |
=1.7.0-update201 | ||
=1.8.0-update191 | ||
=1.8.0-update192 | ||
=11.0.1 | ||
=1.7.0-update201 | ||
=1.8.0-update191 | ||
=1.8.0-update192 | ||
=11.0.1 | ||
>=7.3 | ||
>=9.4 | ||
=42.3 | ||
<8.6.4-00 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-2426 is medium with a CVSS score of 3.7.
Java SE versions 7u201, 8u192, and 11.0.1 are affected by CVE-2019-2426.
An unauthenticated attacker with network access can exploit CVE-2019-2426 via multiple protocols.
The affected software products include Oracle JDK, Oracle JRE, Netapp Oncommand Unified Manager, NetApp OnCommand Workflow Automation, Netapp Snapmanager, openSUSE Leap, and Hp Xp7 Command View.
You can find more information about CVE-2019-2426 on the following references: [http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html](http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html), [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html), and [http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html](http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html).