You are here

Oracle CPU July 2019 - Java (WAF and Login/IAM)

CVE-2019-7317, CVE-2019-1821, CVE-2019-2818, CVE-2019-2818, CVE-2019-2818, CVE-2019-2745, CVE-2019-2745, CVE-2019-2842 CVE-2019-2786, CVE-2019-2766
java, cpu, Oracle Critical Patch Update

The Oracle Critical Patch Update for July 2019 includes updates for Java SE [1] that fix ten Java SE vulnerabilities.

Airlock WAF uses Java in the Configuration Center and in several add-on modules. In particular, Airlock Login on WAF runs on Java.

Airlock Login/IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No action required for Airlock WAF and Login/IAM.


CVE-2019-7317, CVE-2019-1821, CVE-2019-2818, CVE-2019-2786
Does not affect trusted Java code deployments and are therefore not relevant for Airlock Secure Access Hub.

Not relevant because this issue only affects Windows platforms.

This side-channel issue concerning Elliptic Curve Cryptography is exploitable only locally.

CVE-2019-2769, CVE-2019-2762
For these potential Denial of Service issues we do not see any relevant attack vector for Airlock Secure Access Hub.

This vulnerability may allow invalid characters in URL objects. Airlock Secure Access Hub always checks URLs against whitelists or performs validation (e.g. using regular expressions).

This missing bounds check does not affect Airlock Secure Access Hub since compiler intrinsics are not used.


General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required