CVE-2019-10245 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
eclipse	openj9	𝑥 < 0.14.0
redhat	satellite	5.8
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

java-1.7.1-ibm

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.7.1-ibm-demo

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.7.1-ibm-devel

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.7.1-ibm-jdbc

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.7.1-ibm-plugin

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.7.1-ibm-src

RHEL 6	1:1.7.1.4.45-1jpp.1.el6_10 fixed
RHEL 7	1:1.7.1.4.45-1jpp.1.el7 fixed

java-1.8.0-ibm

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-demo

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-devel

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-headless

RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-jdbc

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-plugin

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-src

RHEL 6	1:1.8.0.5.35-1jpp.1.el6_10 fixed
RHEL 7	1:1.8.0.5.35-1jpp.1.el7 fixed
RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

java-1.8.0-ibm-webstart

RHEL 8	1:1.8.0.5.35-3.el8_0 fixed
RHEL 8.0 E4S	1:1.8.0.5.35-3.el8_0 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/108094

https://access.redhat.com/errata/RHSA-2019:1163

https://access.redhat.com/errata/RHSA-2019:1164

https://access.redhat.com/errata/RHSA-2019:1165

https://access.redhat.com/errata/RHSA-2019:1166

https://access.redhat.com/errata/RHSA-2019:1238

https://access.redhat.com/errata/RHSA-2019:1325

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588