Search for vulnerabilities
Vulnerability details: VCID-vxdw-fdej-aaan
Vulnerability ID VCID-vxdw-fdej-aaan
Aliases CVE-2019-2745
Summary Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-385 Covert Timing Channel
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2745.html
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1810
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1811
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1815
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1816
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1817
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1839
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1840
cvssv3 5.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2745.json
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2019-2745
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1730411
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2745
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2786
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2818
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2821
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2842
cvssv3 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 1.9 https://nvd.nist.gov/vuln/detail/CVE-2019-2745
cvssv3 5.1 https://nvd.nist.gov/vuln/detail/CVE-2019-2745
cvssv3.1 5.1 https://nvd.nist.gov/vuln/detail/CVE-2019-2745
generic_textual Medium https://ubuntu.com/security/notices/USN-4080-1
cvssv3.1 5.9 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
generic_textual MODERATE https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2745.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2745.json
https://api.first.org/data/v1/epss?cve=CVE-2019-2745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2842
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://kc.mcafee.com/corporate/index?page=content&id=SB10300
https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
https://ubuntu.com/security/notices/USN-4080-1
https://usn.ubuntu.com/4080-1/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
1730411 https://bugzilla.redhat.com/show_bug.cgi?id=1730411
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update221:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update212:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update221:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update212:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update212:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVE-2019-2745 https://nvd.nist.gov/vuln/detail/CVE-2019-2745
RHSA-2019:1810 https://access.redhat.com/errata/RHSA-2019:1810
RHSA-2019:1811 https://access.redhat.com/errata/RHSA-2019:1811
RHSA-2019:1815 https://access.redhat.com/errata/RHSA-2019:1815
RHSA-2019:1816 https://access.redhat.com/errata/RHSA-2019:1816
RHSA-2019:1817 https://access.redhat.com/errata/RHSA-2019:1817
RHSA-2019:1839 https://access.redhat.com/errata/RHSA-2019:1839
RHSA-2019:1840 https://access.redhat.com/errata/RHSA-2019:1840
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2745.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2745
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2745
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2745
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.04683
EPSS Score 0.00028
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.