
Oracle October 2019 - Java (WAF and Login/IAM)

CVE-2019-2949, CVE-2019-2989, CVE-2019-2958, CVE-2019-11068, CVE-2019-2977, CVE-2019-2975, CVE-2019-2999, CVE-2019-2996, CVE-2019-2987, CVE-2019-2962, CVE-2019-2988, CVE-2019-2992, CVE-2019-2964, CVE-2019-2973, CVE-2019-2981, CVE-2019-2978, CVE-2019-2894
java, cpu, Oracle Critical Patch Update

The Oracle Critical Patch Update for October 2019 includes updates for Java SE [1] that fix 20 Java SE vulnerabilities.

Airlock WAF uses Java in the Configuration Center and in several add-on modules. In particular, Airlock Login on WAF runs on Java.

Airlock Login/IAM before version 7.0 relies on a separately installed Java environment, and that Java runtime environment is maintained by the system administrator.

No action required for Airlock WAF and Login/IAM.


CVE-2019-2999, CVE-2019-2996, CVE-2019-2945
Does not affect Java deployments, typically in servers, that load and run only trusted code.

CVE-2019-2964, CVE-2019-2977, CVE-2019-2933, CVE-2019-2949, CVE-2019-2989, CVE-2019-11068, CVE-2019-2975, CVE-2019-2973, CVE-2019-2981, CVE-2019-2978, CVE-2019-2983
The affected function is not used in combination with untrusted data.

CVE-2019-2987, CVE-2019-2962, CVE-2019-2992, CVE-2019-2988
Affected component not used by Airlock Secure Access Hub.

Affects only Windows deployments.

Insecure usage of ECDSA curves in Java SSL context. The risk for Airlock Secure Access Hub is negligible.


General Advice: We strongly recommend updating all client deployments of Java and uninstalling Java from clients where it is not needed.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required