Which versions of Java SE are affected by CVE-2019-2894?

Java SE versions 7u231, 8u221, 11.0.4, and 13 are affected by CVE-2019-2894.

How can an attacker exploit CVE-2019-2894?

CVE-2019-2894 can be exploited by an unauthenticated attacker with network access.

What is the severity of CVE-2019-2894?

CVE-2019-2894 has a severity rating of medium.

Where can I find more information about CVE-2019-2894?

You can find more information about CVE-2019-2894 at the following references: [Reference 1](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html), [Reference 2](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html), [Reference 3](http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html).

Vulnerability/
CVE-2019-2894

medium

4.3

16/10/2019

1/10/2024

CVE-2019-2894

Q: What is CVE-2019-2894?

CVE-2019-2894 is an unspecified vulnerability in Java SE related to the Security component.

First published: Wed Oct 16 2019(Updated: )

An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
IBM Engineering Requirements Quality Assistant On-Premises	<=All
debian/openjdk-11		11.0.24+8-2~deb11u1 11.0.25~5ea-1
debian/openjdk-8		8u422-b05-1
Oracle JDK 6	=1.7.0-update231
Oracle JDK 6	=1.8.0-update221
Oracle JDK 6	=11.0.4
Oracle JDK 6	=13.0.0
Oracle Java Runtime Environment (JRE)	=1.7.0-update231
Oracle Java Runtime Environment (JRE)	=1.8.0-update221
Oracle Java Runtime Environment (JRE)	=11.0.4
Oracle Java Runtime Environment (JRE)	=13.0.0
Debian GNU/Linux	=8.0
Debian GNU/Linux	=9.0
openSUSE	=15.0
openSUSE	=15.1
Trellix ePolicy Orchestrator	=5.9.0
Trellix ePolicy Orchestrator	=5.9.1
Trellix ePolicy Orchestrator	=5.10.0
Trellix ePolicy Orchestrator	=5.10.0-update_1
Trellix ePolicy Orchestrator	=5.10.0-update_2
Trellix ePolicy Orchestrator	=5.10.0-update_3
Trellix ePolicy Orchestrator	=5.10.0-update_4
Trellix ePolicy Orchestrator	=5.10.0-update_5
Trellix ePolicy Orchestrator	=5.10.0-update_6
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Ubuntu Linux	=19.04
Ubuntu Linux	=19.10
Debian	=8.0
Debian	=9.0
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=19.04
Ubuntu	=19.10

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6398724

Frequently Asked Questions

What is CVE-2019-2894?
CVE-2019-2894 is an unspecified vulnerability in Java SE related to the Security component.
Which versions of Java SE are affected by CVE-2019-2894?
Java SE versions 7u231, 8u221, 11.0.4, and 13 are affected by CVE-2019-2894.
How can an attacker exploit CVE-2019-2894?
CVE-2019-2894 can be exploited by an unauthenticated attacker with network access.
What is the severity of CVE-2019-2894?
CVE-2019-2894 has a severity rating of medium.
Where can I find more information about CVE-2019-2894?
You can find more information about CVE-2019-2894 at the following references: [Reference 1](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html), [Reference 2](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html), [Reference 3](http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html).

agent/type
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/severity
collector/ibm-support
source/IBM
agent/software-canonical-lookup
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/first-publish-date
agent/event
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/ibm
canonical/ibm engineering requirements quality assistant on-premises
version/ibm engineering requirements quality assistant on-premises/all
package-manager/debian
vendor/oracle
canonical/oracle jdk 6
version/oracle jdk 6/1.7.0-update231
version/oracle jdk 6/1.8.0-update221
version/oracle jdk 6/11.0.4
version/oracle jdk 6/13.0.0
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.7.0-update231
version/oracle java runtime environment (jre)/1.8.0-update221
version/oracle java runtime environment (jre)/11.0.4
version/oracle java runtime environment (jre)/13.0.0
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
version/debian gnu/linux/9.0
vendor/opensuse
canonical/opensuse
version/opensuse/15.0
version/opensuse/15.1
vendor/mcafee
canonical/trellix epolicy orchestrator
version/trellix epolicy orchestrator/5.9.0
version/trellix epolicy orchestrator/5.9.1
version/trellix epolicy orchestrator/5.10.0
version/trellix epolicy orchestrator/5.10.0-update_1
version/trellix epolicy orchestrator/5.10.0-update_2
version/trellix epolicy orchestrator/5.10.0-update_3
version/trellix epolicy orchestrator/5.10.0-update_4
version/trellix epolicy orchestrator/5.10.0-update_5
version/trellix epolicy orchestrator/5.10.0-update_6
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/16.04
version/ubuntu linux/18.04
version/ubuntu linux/19.04
version/ubuntu linux/19.10
canonical/debian
version/debian/8.0
version/debian/9.0
canonical/ubuntu
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/19.04
version/ubuntu/19.10