{"id":"CVE-2019-2684","details":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).","modified":"2026-04-16T04:36:03.358589885Z","published":"2019-04-23T19:32:55.443Z","related":["CGA-9689-7f9p-9f4x","SUSE-SU-2019:1052-1","SUSE-SU-2019:1211-1","SUSE-SU-2019:1211-2","SUSE-SU-2019:1219-1","SUSE-SU-2019:1308-1","SUSE-SU-2019:1308-2","SUSE-SU-2019:1345-1","SUSE-SU-2019:1392-1","SUSE-SU-2019:14059-1","SUSE-SU-2019:1644-1","openSUSE-SU-2019:1327-1","openSUSE-SU-2019:1438-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10873-1","openSUSE-SU-2024:10876-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E"},{"type":"WEB","url":"https://support.f5.com/csp/article/K11175903?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"WEB","url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1166"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1165"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1325"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/May/75"},{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1164"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3975-1/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201908-10"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1163"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4453"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0959"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1518"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/01/4"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1146"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1238"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/cassandra","events":[{"introduced":"0"},{"last_affected":"88dee7e9d515ad94ecf8f2309f1e6138ec79e1a2"},{"introduced":"e06c1e8381525363e90ccf694275361e2958647a"},{"fixed":"94e9149c22f6a7772c0015e1b1ef2e2961155c0a"},{"introduced":"437bb9de77f54aa5a4a6a634ab3d2c753a17b3fc"},{"fixed":"d4938cf4e488a9ef3ac48164a3e946f16255d721"},{"introduced":"96f407bce56b98cd824d18e32ee012dbb99a0286"},{"fixed":"45331bb612dc7847efece7e26cdd0b376bd11249"},{"introduced":"88dee7e9d515ad94ecf8f2309f1e6138ec79e1a2"},{"fixed":"8b29b698630960a0ebb2c695cc5b21dee4686d09"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.11"},{"introduced":"2.1.0"},{"fixed":"2.1.22"},{"introduced":"2.2.0"},{"fixed":"2.2.18"},{"introduced":"3.0.0"},{"fixed":"3.0.22"},{"introduced":"3.11.0"},{"fixed":"3.11.8"}]}},{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"0"},{"last_affected":"d428a82c122c86e64aa4ffc4a515aee31ba7a51e"},{"introduced":"0"},{"last_affected":"d428a82c122c86e64aa4ffc4a515aee31ba7a51e"},{"introduced":"0"},{"last_affected":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"introduced":"0"},{"last_affected":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"introduced":"0"},{"last_affected":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"introduced":"0"},{"last_affected":"16bf392c67833ad549733b58c350ff92b5ee782a"},{"introduced":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"last_affected":"1cfec207b09fed52965f0d0426059ca989daf3b4"},{"introduced":"e37b977db6f47e4380ad67114a49e8568951c953"},{"last_affected":"14bdacea996993a3b94ec0972cea92370e42ae4d"},{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"last_affected":"7c14efedba0cc81319efacb0e7f5129804e7b6f9"},{"introduced":"0"},{"last_affected":"29b07def810d335012e738b22ab44d4e232b50d1"},{"introduced":"0"},{"last_affected":"10e04de1946981261a734507f4a6d953e2a206fe"},{"introduced":"0"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"introduced":"0"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"introduced":"0"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"introduced":"0"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"introduced":"0"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"introduced":"0"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"introduced":"0"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"introduced":"0"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e"},{"introduced":"0"},{"last_affected":"7dc5e29fe49850102261badf158752d6865311e4"},{"introduced":"0"},{"last_affected":"18b014d8691909be6153ae7db022a6c35f9c93ea"},{"introduced":"0"},{"last_affected":"600dc8ba5d9be7599d29bff83c342213d93b034e"},{"introduced":"0"},{"last_affected":"3bd48aab236e5bf0ed1644e9f0c588fd20e503ab"},{"introduced":"0"},{"last_affected":"642d3dd4d50ea1f03f9827962e4fc982a123bb78"},{"introduced":"0"},{"last_affected":"24566c02fb917a6ca1b6479a60971b0d8acd895c"},{"introduced":"0"},{"last_affected":"cac0e029dcced854eeca7444710e78e412dc2c2a"},{"introduced":"0"},{"last_affected":"c5efed313de1a181f4f9f98f5023117f3b911257"},{"introduced":"0"},{"last_affected":"ab04166fac59fcf9b3be3aab1c8b896842782d4c"},{"introduced":"0"},{"last_affected":"35071e7e52f296b9187b054b0efd74121b7db3bd"},{"introduced":"0"},{"last_affected":"d1dc05e934e089ea8907998cf850760017a0ed82"},{"introduced":"0"},{"last_affected":"fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf"},{"introduced":"0"},{"last_affected":"c7b84102600d600bcc527560d9c4d10c3fd440ab"},{"introduced":"0"},{"last_affected":"d8ebf61e51b4455e3c226751e492a533f9002d48"},{"introduced":"0"},{"last_affected":"aba238718ac9b149d25feaa9a14ecad3b0e3a5e2"},{"introduced":"0"},{"last_affected":"fe854ab1f111396458d98fa2ab08c693ce9407e1"},{"introduced":"0"},{"last_affected":"45f8fd74cdb96490fab8709263a4d862f0d429cf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"11.0.2"},{"introduced":"0"},{"last_affected":"11.0.2"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"7.0.0"},{"last_affected":"7.0.97"},{"introduced":"8.5.0"},{"last_affected":"8.5.47"},{"introduced":"9.0.1"},{"last_affected":"9.0.28"},{"introduced":"0"},{"last_affected":"9.0.0-milestone1"},{"introduced":"0"},{"last_affected":"9.0.0-milestone10"},{"introduced":"0"},{"last_affected":"9.0.0-milestone11"},{"introduced":"0"},{"last_affected":"9.0.0-milestone12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone13"},{"introduced":"0"},{"last_affected":"9.0.0-milestone14"},{"introduced":"0"},{"last_affected":"9.0.0-milestone15"},{"introduced":"0"},{"last_affected":"9.0.0-milestone16"},{"introduced":"0"},{"last_affected":"9.0.0-milestone17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone18"},{"introduced":"0"},{"last_affected":"9.0.0-milestone19"},{"introduced":"0"},{"last_affected":"9.0.0-milestone2"},{"introduced":"0"},{"last_affected":"9.0.0-milestone20"},{"introduced":"0"},{"last_affected":"9.0.0-milestone21"},{"introduced":"0"},{"last_affected":"9.0.0-milestone22"},{"introduced":"0"},{"last_affected":"9.0.0-milestone23"},{"introduced":"0"},{"last_affected":"9.0.0-milestone24"},{"introduced":"0"},{"last_affected":"9.0.0-milestone25"},{"introduced":"0"},{"last_affected":"9.0.0-milestone26"},{"introduced":"0"},{"last_affected":"9.0.0-milestone27"},{"introduced":"0"},{"last_affected":"9.0.0-milestone3"},{"introduced":"0"},{"last_affected":"9.0.0-milestone4"},{"introduced":"0"},{"last_affected":"9.0.0-milestone5"},{"introduced":"0"},{"last_affected":"9.0.0-milestone6"},{"introduced":"0"},{"last_affected":"9.0.0-milestone7"},{"introduced":"0"},{"last_affected":"9.0.0-milestone8"},{"introduced":"0"},{"last_affected":"9.0.0-milestone9"}]}}],"versions":["11.0.2","7.0.0","7.0.97","8.5.47","9.0.0","9.0.0-M1","9.0.0-M10","9.0.0-M11","9.0.0-M12","9.0.0-M13","9.0.0-M14","9.0.0-M15","9.0.0-M16","9.0.0-M17","9.0.0-M18","9.0.0-M19","9.0.0-M2","9.0.0-M20","9.0.0-M21","9.0.0-M22","9.0.0-M23","9.0.0-M24","9.0.0-M25","9.0.0-M26","9.0.0-M27","9.0.0-M3","9.0.0-M4","9.0.0-M5","9.0.0-M6","9.0.0-M7","9.0.0-M8","9.0.0-M9","9.0.28","cassandra-1.1.0-beta1","cassandra-1.2.0-beta1","cassandra-1.2.0-beta2","cassandra-2.0.0-beta1","cassandra-2.0.0-beta2","cassandra-2.0.0-rc1","cassandra-2.1.0-beta1","cassandra-2.1.0-beta2","cassandra-2.1.0-rc1","cassandra-2.1.0-rc2","cassandra-2.1.1","cassandra-2.1.10","cassandra-2.1.11","cassandra-2.1.12","cassandra-2.1.13","cassandra-2.1.14","cassandra-2.1.15","cassandra-2.1.16","cassandra-2.1.17","cassandra-2.1.18","cassandra-2.1.19","cassandra-2.1.2","cassandra-2.1.20","cassandra-2.1.21","cassandra-2.1.7","cassandra-2.1.8","cassandra-2.1.9","cassandra-2.2.0","cassandra-2.2.1","cassandra-2.2.10","cassandra-2.2.11","cassandra-2.2.12","cassandra-2.2.13","cassandra-2.2.14","cassandra-2.2.15","cassandra-2.2.16","cassandra-2.2.17","cassandra-2.2.2","cassandra-2.2.3","cassandra-2.2.4","cassandra-2.2.5","cassandra-2.2.6","cassandra-2.2.8","cassandra-2.2.9","cassandra-3.0.0","cassandra-3.0.1","cassandra-3.0.10","cassandra-3.0.11","cassandra-3.0.12","cassandra-3.0.13","cassandra-3.0.14","cassandra-3.0.15","cassandra-3.0.16","cassandra-3.0.17","cassandra-3.0.18","cassandra-3.0.19","cassandra-3.0.20","cassandra-3.0.21","cassandra-3.0.3","cassandra-3.0.4","cassandra-3.0.5","cassandra-3.0.6","cassandra-3.0.7","cassandra-3.0.9","cassandra-3.11.0","cassandra-3.11.1","cassandra-3.11.2","cassandra-3.11.3","cassandra-3.11.4","cassandra-3.11.5","cassandra-3.11.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2684.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update211"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update201"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update202"}]},{"events":[{"introduced":"0"},{"last_affected":"12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update211"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update201"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update202"}]},{"events":[{"introduced":"0"},{"last_affected":"12"}]},{"events":[{"introduced":"0"},{"last_affected":"5.8"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"fixed":"8.6.5-00"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}