KLA11470 Multiple vulnerabilities in Oracle Java SE

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Vulnerability in Windows DLL component of Java SE can be exploited remotely to bypass security restrictions;
2. Vulnerability in Libraries component of Java SE, Java SE Embedded can be exploited remotely to bypass security restrictions;
3. Vulnerability in RMI component of Java SE, Java SE Embedded can be exploited remotely to bypass security restrictions;
4. Multiple vulnerabilities in 2D component of Java SE can be exploited remotely to bypass security restrictions.

Original advisories

Oracle Critical Patch Update Advisory – April 2019

Related products

Oracle-Java-JRE-1.8.x

Oracle-Java-JRE-1.9.x

Oracle-Java-JRE-1.10.x

CVE list

CVE-2019-2698 high

CVE-2019-2684 warning

CVE-2019-2699 high

CVE-2019-2602 warning

CVE-2019-2697 high

Solution

Update to the latest version

Impacts

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conсrete program errors.

Affected Products

• Java SE: 7u211, 8u202, 11.0.2, 12Java SE Embedded: 8u201