{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T06:20:01.796","vulnerabilities":[{"cve":{"id":"CVE-2019-10181","sourceIdentifier":"secalert@redhat.com","published":"2019-07-31T23:15:10.777","lastModified":"2024-11-21T04:18:35.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox."},{"lang":"es","value":"Se descubrió icedtea-web hasta 1.7.2 y 1.8.2 inclusive con código ejecutable podría ser inyectado  en un archivo JAR sin comprometer la verificación de la firma. Un atacante podría usar este defecto para inyectar un  código en un archivo JAR seguro. El código podría ser ejecutado dentro de sandbox"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icedtea-web_project:icedtea-web:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7.2","matchCriteriaId":"32F81AF6-462E-46F2-BECE-9400353385DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:icedtea-web_project:icedtea-web:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"89D3F8CA-CE6A-41C3-AF15-ADA178DBF351"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Oct/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202107-51","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Oct/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202107-51","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}