| Title | Oracle Java SE における Security に関する脆弱性 |
|---|---|
| Summary | Oracle Java SE には、Security に関する処理に不備があるため、機密性に影響のある脆弱性が存在します。 |
| Possible impacts | ローカルユーザにより、情報を取得される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | July 16, 2019, midnight |
| Registration Date | July 29, 2019, 2:29 p.m. |
| Last Update | Sept. 24, 2020, 5:40 p.m. |
| CVSS3.0 : 警告 | |
| Score | 5.1 |
|---|---|
| Vector | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS2.0 : 注意 | |
| Score | 1.9 |
|---|---|
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| オラクル |
| JDK 11.0.3 |
| JDK 7 Update 221 |
| JDK 8 Update 212 |
| JRE 11.0.3 |
| JRE 7 Update 221 |
| JRE 8 Update 212 |
| 日立 |
| Cosminexus Developer's Kit for Java(TM) |
| Hitachi Application Server |
| Hitachi Application Server for Developers |
| Hitachi Automation Director |
| Hitachi Compute Systems Manager |
| Hitachi Configuration Manager |
| Hitachi Developer's Kit for Java |
| Hitachi Device Manager |
| Hitachi Dynamic Link Manager |
| Hitachi Global Link Manager |
| Hitachi Infrastructure Analytics Advisor |
| Hitachi Replication Manager |
| Hitachi Tiered Storage Manager |
| Hitachi Tuning Manager |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Client |
| uCosminexus Developer |
| uCosminexus Service Architect |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| No | Changed Details | Date of change |
|---|---|---|
| 3 | [2020年09月24日] 影響を受けるシステム:内容を更新 |
Sept. 24, 2020, 3:24 p.m. |
| 2 | [2019年11月08日] 影響を受けるシステム:内容を更新 |
Nov. 8, 2019, 2:28 p.m. |
| 1 | [2019年07月29日] 掲載 |
July 29, 2019, 2:29 p.m. |
| Summary | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|---|---|
| Publication Date | July 24, 2019, 8:15 a.m. |
| Registration Date | Jan. 26, 2021, 11:42 a.m. |
| Last Update | Nov. 21, 2024, 1:41 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update212:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.7.0:update221:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.7.0:update221:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update212:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* | |||||
| cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:* | 8.7.0-00 | ||||