nvd-json-data-feeds/CVE-2019/CVE-2019-29xx/CVE-2019-2989.json

{
  "id": "CVE-2019-2989",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2019-10-16T18:15:33.060",
  "lastModified": "2022-05-13T14:57:23.280",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Java SE, producto Java SE Embedded de Oracle Java SE (componente: redes). Las versiones compatibles que se ven afectadas son Java SE: 7u231, 8u221, 11.0.4 y 13; Java SE Embedded: 8u221. La vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Java SE, Java SE Embedded. Si bien la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start de espacio aislado o applets de Java de espacio aislado (en Java SE 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen de Java caja de arena para seguridad. Esta vulnerabilidad tambi\u00e9n puede explotarse mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que suministra datos a las API. CVSS v3.0 Puntaje base 6.8 (Impactos de integridad). Vector CVSS: (CVSS: 3.0 / AV: N / AC: H / PR: N / UI: N / S: C / C: N / I: H / A: N)."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "DF90EC6E-5E6B-4358-AC42-0D7C6A58A4E4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update221:*:*:*:*:*:*",
              "matchCriteriaId": "F876E775-7B83-4717-8581-1CBD7AE40C8C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E50CEBC-8E5B-42DE-9DB8-C16319ACD7A7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1F8AA1-1504-4754-BE10-9663FD7C33E4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "BA5DE829-3541-4A04-8E39-A47555FD1838"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update221:*:*:*:*:*:*",
              "matchCriteriaId": "DE035E49-9A7A-479D-8F97-7C500596A8EB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jre:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2086EFA1-7C35-4311-B379-7E1AB31EFFA7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:jre:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED31534-7939-4D8E-ADBD-F2B38445DE02"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "11.0.0",
              "versionEndIncluding": "11.50.2",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:3134",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:3135",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:3136",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:3157",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:3158",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:4109",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:4110",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:4113",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2019:4115",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2020:0006",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2020:0046",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://seclists.org/bugtraq/2019/Oct/27",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://seclists.org/bugtraq/2019/Oct/31",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20191017-0001/",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://usn.ubuntu.com/4223-1/",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://www.debian.org/security/2019/dsa-4546",
      "source": "secalert_us@oracle.com"
    },
    {
      "url": "https://www.debian.org/security/2019/dsa-4548",
      "source": "secalert_us@oracle.com"
    }
  ]
}