Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-0016
Vulnerability from csaf_certbund
Published
2023-01-03 23:00
Modified
2023-01-03 23:00
Summary
IBM Tivoli Monitoring: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Tivoli Monitoring ist eine Systemüberwachungs-Software zum Managen von Betriebssystemen, Datenbanken und Servern in verteilten und Host-Umgebungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Tivoli Monitoring ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Tivoli Monitoring ist eine Systemüberwachungs-Software zum Managen von Betriebssystemen, Datenbanken und Servern in verteilten und Host-Umgebungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Tivoli Monitoring ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0016 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0016.json", }, { category: "self", summary: "WID-SEC-2023-0016 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0016", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6587154", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6472877", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6466307", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6466303", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6438833", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6376752", }, { category: "external", summary: "IBM Security Bulletin vom 2023-01-03", url: "https://www.ibm.com/support/pages/node/6252467", }, ], source_lang: "en-US", title: "IBM Tivoli Monitoring: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-03T23:00:00.000+00:00", generator: { date: "2024-08-15T17:40:42.367+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0016", initial_release_date: "2023-01-03T23:00:00.000+00:00", revision_history: [ { date: "2023-01-03T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0", product: { name: "IBM Tivoli Monitoring 6.3.0", product_id: "307523", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.1", product: { name: "IBM Tivoli Monitoring 6.3.0.1", product_id: "307524", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.1", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.2", product: { name: "IBM Tivoli Monitoring 6.3.0.2", product_id: "307525", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.2", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.3", product: { name: "IBM Tivoli Monitoring 6.3.0.3", product_id: "307526", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.3", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.4", product: { name: "IBM Tivoli Monitoring 6.3.0.4", product_id: "307527", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.4", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.5", product: { name: "IBM Tivoli Monitoring 6.3.0.5", product_id: "342006", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.5", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.6", product: { name: "IBM Tivoli Monitoring 6.3.0.6", product_id: "342007", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.6", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring 6.3.0.7", product: { name: "IBM Tivoli Monitoring 6.3.0.7", product_id: "342008", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:6.3.0.7", }, }, }, { category: "product_name", name: "IBM Tivoli Monitoring for Virtual Environments", product: { name: "IBM Tivoli Monitoring for Virtual Environments", product_id: "T025737", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_monitoring:::for_virtual_environments", }, }, }, ], category: "product_name", name: "Tivoli Monitoring", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2022-22965", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2022-22965", }, { cve: "CVE-2021-2161", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2021-2161", }, { cve: "CVE-2020-2830", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2830", }, { cve: "CVE-2020-2805", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2805", }, { cve: "CVE-2020-2803", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2803", }, { cve: "CVE-2020-2800", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2800", }, { cve: "CVE-2020-2781", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2781", }, { cve: "CVE-2020-2773", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2773", }, { cve: "CVE-2020-2757", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2757", }, { cve: "CVE-2020-2756", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2756", }, { cve: "CVE-2020-2755", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2755", }, { cve: "CVE-2020-2754", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2754", }, { cve: "CVE-2020-27221", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-27221", }, { cve: "CVE-2020-2654", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2654", }, { cve: "CVE-2020-2601", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2601", }, { cve: "CVE-2020-2590", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-2590", }, { cve: "CVE-2020-14803", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14803", }, { cve: "CVE-2020-14798", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14798", }, { cve: "CVE-2020-14797", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14797", }, { cve: "CVE-2020-14796", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14796", }, { cve: "CVE-2020-14792", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14792", }, { cve: "CVE-2020-14782", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14782", }, { cve: "CVE-2020-14781", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14781", }, { cve: "CVE-2020-14779", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14779", }, { cve: "CVE-2020-14621", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14621", }, { cve: "CVE-2020-14593", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14593", }, { cve: "CVE-2020-14583", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14583", }, { cve: "CVE-2020-14581", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14581", }, { cve: "CVE-2020-14579", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14579", }, { cve: "CVE-2020-14578", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14578", }, { cve: "CVE-2020-14577", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14577", }, { cve: "CVE-2020-14556", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2020-14556", }, { cve: "CVE-2019-2949", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2019-2949", }, { cve: "CVE-2019-17639", notes: [ { category: "description", text: "In IBM Tivoli Monitoring existieren mehrere Schwachstellen in den genutzten Java und Spring Framework Komponenten. Ein Angreifer kann dies ausnutzen, um die Kontrolle über das System zu erlangen, vertrauliche Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, sowie weitere nicht spezifizierte Auswirkungen zu ereichen.", }, ], product_status: { known_affected: [ "T025737", "307527", "307524", "307523", "307526", "307525", "342008", "342007", "342006", ], }, release_date: "2023-01-03T23:00:00.000+00:00", title: "CVE-2019-17639", }, ], }
cve-2020-14796
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:21
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:00:50.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:20.611468Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:21:37.049Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:14", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14796", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.1", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14796", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:21:37.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14781
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:24
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:43.345Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14781", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:41.333549Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:24:11.172Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:20", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14781", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:24:11.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14593
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:35
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:42.576Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14593", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:35.278922Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:35:33.800Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:43", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14593", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14593", datePublished: "2020-07-15T17:34:29", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:35:33.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14577
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14577", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:56.789755Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:38:12.047Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:41", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14577", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14577", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:38:12.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14798
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:21
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:00:50.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14798", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:17.079782Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:21:17.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:10", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14798", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.1", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14798", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:21:17.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2803
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:48
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.732Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2803", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:41:31.754667Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T14:48:44.826Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:36", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2803", datePublished: "2020-04-15T13:29:47", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T14:48:44.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2755
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2755", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:10.185809Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:54.140Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:51", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2755", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:54.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-2161
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE:7u291 Version: Java SE:8u281 Version: Java SE:11.0.10 Version: Java SE:16 Version: Java SE Embedded:8u281 Version: Oracle GraalVM Enterprise Edition:19.3.5 Version: Oracle GraalVM Enterprise Edition:20.3.1.2 Version: Oracle GraalVM Enterprise Edition:21.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:32:03.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-2161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:44:10.262858Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:33:42.318Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE:7u291", }, { status: "affected", version: "Java SE:8u281", }, { status: "affected", version: "Java SE:11.0.10", }, { status: "affected", version: "Java SE:16", }, { status: "affected", version: "Java SE Embedded:8u281", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:19.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-07T04:06:40", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2021-2161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE:7u291", }, { version_affected: "=", version_value: "Java SE:8u281", }, { version_affected: "=", version_value: "Java SE:11.0.10", }, { version_affected: "=", version_value: "Java SE:16", }, { version_affected: "=", version_value: "Java SE Embedded:8u281", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:19.3.5", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "5.9", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { name: "https://security.netapp.com/advisory/ntap-20210513-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { name: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", refsource: "MISC", url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-05", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2021-2161", datePublished: "2021-04-22T21:53:46", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-09-26T15:33:42.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14782
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:23
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:43.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14782", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:39.909812Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:23:59.582Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:13", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14782", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:23:59.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-2949
Vulnerability from cvelistv5
Published
2019-10-16 17:40
Modified
2024-10-01 16:29
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u231, 8u221, 11.0.4, 13 Version: Java SE Embedded: 8u221 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:03:43.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3134", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3134", }, { name: "RHSA-2019:3135", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3135", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191017-0001/", }, { name: "RHSA-2019:3136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3136", }, { name: "DSA-4546", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4546", }, { name: "20191021 [SECURITY] [DSA 4548-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/27", }, { name: "20191021 [SECURITY] [DSA 4546-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/31", }, { name: "DSA-4548", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4548", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K54213762?utm_source=f5support&%3Butm_medium=RSS", }, { name: "openSUSE-SU-2019:2557", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html", }, { name: "openSUSE-SU-2019:2565", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html", }, { name: "[debian-lts-announce] 20191207 [SECURITY] [DLA 2023-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html", }, { name: "openSUSE-SU-2019:2687", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html", }, { name: "USN-4223-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4223-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-2949", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T16:14:41.472032Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T16:29:33.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u231, 8u221, 11.0.4, 13", }, { status: "affected", version: "Java SE Embedded: 8u221", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-13T07:06:13", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3134", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3134", }, { name: "RHSA-2019:3135", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3135", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191017-0001/", }, { name: "RHSA-2019:3136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3136", }, { name: "DSA-4546", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4546", }, { name: "20191021 [SECURITY] [DSA 4548-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/27", }, { name: "20191021 [SECURITY] [DSA 4546-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/31", }, { name: "DSA-4548", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4548", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K54213762?utm_source=f5support&%3Butm_medium=RSS", }, { name: "openSUSE-SU-2019:2557", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html", }, { name: "openSUSE-SU-2019:2565", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html", }, { name: "[debian-lts-announce] 20191207 [SECURITY] [DLA 2023-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html", }, { name: "openSUSE-SU-2019:2687", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html", }, { name: "USN-4223-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4223-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2019-2949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u231, 8u221, 11.0.4, 13", }, { version_affected: "=", version_value: "Java SE Embedded: 8u221", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3134", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3134", }, { name: "RHSA-2019:3135", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3135", }, { name: "https://security.netapp.com/advisory/ntap-20191017-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191017-0001/", }, { name: "RHSA-2019:3136", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3136", }, { name: "DSA-4546", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4546", }, { name: "20191021 [SECURITY] [DSA 4548-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/27", }, { name: "20191021 [SECURITY] [DSA 4546-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/31", }, { name: "DSA-4548", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4548", }, { name: "https://support.f5.com/csp/article/K54213762?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K54213762?utm_source=f5support&utm_medium=RSS", }, { name: "openSUSE-SU-2019:2557", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html", }, { name: "openSUSE-SU-2019:2565", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html", }, { name: "[debian-lts-announce] 20191207 [SECURITY] [DLA 2023-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html", }, { name: "openSUSE-SU-2019:2687", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html", }, { name: "USN-4223-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4223-1/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2019-2949", datePublished: "2019-10-16T17:40:55", dateReserved: "2018-12-14T00:00:00", dateUpdated: "2024-10-01T16:29:33.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14779
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:24
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:43.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "FEDORA-2020-845860fd4f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/", }, { name: "FEDORA-2020-5708dd5b87", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "FEDORA-2020-febe36c3ac", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/", }, { name: "FEDORA-2020-421f817e5f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/", }, { name: "FEDORA-2020-a405eea76a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/", }, { name: "FEDORA-2020-fdc79d8e5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14779", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:44.512253Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:24:31.036Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:12", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "FEDORA-2020-845860fd4f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/", }, { name: "FEDORA-2020-5708dd5b87", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "FEDORA-2020-febe36c3ac", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/", }, { name: "FEDORA-2020-421f817e5f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/", }, { name: "FEDORA-2020-a405eea76a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/", }, { name: "FEDORA-2020-fdc79d8e5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14779", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "FEDORA-2020-845860fd4f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/", }, { name: "FEDORA-2020-5708dd5b87", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "FEDORA-2020-febe36c3ac", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/", }, { name: "FEDORA-2020-421f817e5f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/", }, { name: "FEDORA-2020-a405eea76a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/", }, { name: "FEDORA-2020-fdc79d8e5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14779", datePublished: "2020-10-21T14:04:24", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:24:31.036Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2601
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:22
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1 Version: Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2601", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:27.899340Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:22:28.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:17", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2601", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "6.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2601", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:22:28.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2773
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:39
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2773", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:40.704407Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:39:10.475Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:54", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2773", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2773", datePublished: "2020-04-15T13:29:45", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:39:10.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2590
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 16:30
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1 Version: Java SE Embedded: 8u231 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:54.836Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2590", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:04:44.827068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T16:30:10.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { status: "affected", version: "Java SE Embedded: 8u231", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:15", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2590", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u231", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2590", datePublished: "2020-01-15T16:34:02", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T16:30:10.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2781
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2781", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:57:27.440297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:05:39.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:35", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2781", datePublished: "2020-04-15T13:29:46", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:05:39.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-27221
Vulnerability from cvelistv5
Published
2021-01-21 04:55
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse OpenJ9 |
Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:11:35.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse OpenJ9", vendor: "The Eclipse Foundation", versions: [ { lessThanOrEqual: "0.23", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-19T18:39:09", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2020-27221", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse OpenJ9", version: { version_data: [ { version_affected: "<=", version_value: "0.23", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121: Stack-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763", refsource: "CONFIRM", url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569763", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2020-27221", datePublished: "2021-01-21T04:55:11", dateReserved: "2020-10-19T00:00:00", dateUpdated: "2024-08-04T16:11:35.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14621
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:31
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:42.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14621", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:53:09.488159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:31:06.202Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:38", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "[xerces-j-users] 20201014 Security vulnerability in 2.12.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14621", datePublished: "2020-07-15T17:34:30", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:31:06.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2654
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 15:59
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:09:55.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2654", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:02:46.145962Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:59:18.682Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:12", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2654", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "RHSA-2020:0128", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0128", }, { name: "RHSA-2020:0122", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0122", }, { name: "DSA-4605", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4605", }, { name: "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/24", }, { name: "RHSA-2020:0157", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0157", }, { name: "RHSA-2020:0196", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0196", }, { name: "https://security.netapp.com/advisory/ntap-20200122-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200122-0003/", }, { name: "openSUSE-SU-2020:0113", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html", }, { name: "openSUSE-SU-2020:0147", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html", }, { name: "RHSA-2020:0232", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0232", }, { name: "RHSA-2020:0231", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0231", }, { name: "RHSA-2020:0202", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0202", }, { name: "USN-4257-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4257-1/", }, { name: "DSA-4621", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4621", }, { name: "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/22", }, { name: "RHSA-2020:0541", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0541", }, { name: "RHSA-2020:0632", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0632", }, { name: "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2654", datePublished: "2020-01-15T16:34:05", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:59:18.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14578
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.793Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14578", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:55.382224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:38:05.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:28", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14578", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:38:05.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17639
Vulnerability from cvelistv5
Published
2020-07-15 21:19
Modified
2024-08-05 01:47
Severity ?
EPSS score ?
Summary
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse OpenJ9 |
Version: <= 0.21 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:47:13.522Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse OpenJ9", vendor: "The Eclipse Foundation", versions: [ { status: "affected", version: "<= 0.21", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-15T21:19:31", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2019-17639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse OpenJ9", version: { version_data: [ { version_value: "<= 0.21", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998", refsource: "CONFIRM", url: "https://bugs.eclipse.org/bugs/show_bug.cgi?id=563998", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2019-17639", datePublished: "2020-07-15T21:19:31", dateReserved: "2019-10-16T00:00:00", dateUpdated: "2024-08-05T01:47:13.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14803
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:20
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 11.0.8 Version: 15 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:00:50.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14803", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:56:08.056603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:20:23.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 11.0.8", }, { status: "affected", version: "15", }, ], }, { product: "GraalVM Enterprise Edition", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "19.3.4", }, { status: "affected", version: "20.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:07", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 11.0.8", }, { version_affected: "=", version_value: "15", }, ], }, }, { product_name: "GraalVM Enterprise Edition", version: { version_data: [ { version_affected: "=", version_value: "19.3.4", }, { version_affected: "=", version_value: "20.3.0", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14803", datePublished: "2020-10-21T14:04:26", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:20:23.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2800
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.727Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:59:16.949849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:02:23.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:30", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2800", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2800", datePublished: "2020-04-15T13:29:46", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:02:23.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2025-01-29 17:52
Severity ?
EPSS score ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2022-22965 | x_refsource_MISC | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 | vendor-advisory, x_refsource_CISCO | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Framework |
Version: Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:42.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.kb.cert.org/vuls/id/970766", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-22965", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T17:52:10.886552Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-04-04", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22965", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T17:52:44.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Spring Framework", vendor: "n/a", versions: [ { status: "affected", version: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions", }, ], }, ], descriptions: [ { lang: "en", value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94: Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:46:59.000Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2022-22965", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Framework", version: { version_data: [ { version_value: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-94: Improper Control of Generation of Code ('Code Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://tanzu.vmware.com/security/cve-2022-22965", refsource: "MISC", url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { name: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-22965", datePublished: "2022-04-01T22:17:30.000Z", dateReserved: "2022-01-10T00:00:00.000Z", dateUpdated: "2025-01-29T17:52:44.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14797
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:21
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:00:50.808Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14797", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:18.443567Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:21:26.609Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:11", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14797", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14797", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:21:26.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2754
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:42
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.636Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2754", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:12.324367Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:42:05.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-14T07:06:11", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2754", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2754", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:42:05.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14581
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:41.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14581", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:50.930753Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:38.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:46", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14581", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14581", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:38.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2756
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.285Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:07.558268Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:43.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:33", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2756", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2756", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:43.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2830
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 19:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2830", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:53:52.379987Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:06:46.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-09T07:06:10", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2830", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2830", datePublished: "2020-04-15T13:29:48", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-27T19:06:46.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14556
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:41
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14556", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:59:18.810625Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:41:03.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:26", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14556", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14556", datePublished: "2020-07-15T17:34:27", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:41:03.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14792
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:22
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201023-0004/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4779 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202101-19 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE: 7u271 Version: 8u261 Version: 11.0.8 Version: 15; Java SE Embedded: 8u261 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:43.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14792", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T19:44:26.978320Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:22:17.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u271", }, { status: "affected", version: "8u261", }, { status: "affected", version: "11.0.8", }, { status: "affected", version: "15; Java SE Embedded: 8u261", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T02:06:08", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14792", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u271", }, { version_affected: "=", version_value: "8u261", }, { version_affected: "=", version_value: "11.0.8", }, { version_affected: "=", version_value: "15; Java SE Embedded: 8u261", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "4.2", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20201023-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201023-0004/", }, { name: "DSA-4779", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4779", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202101-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14792", datePublished: "2020-10-21T14:04:25", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-26T20:22:17.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2805
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:47
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.632Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2805", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T14:41:30.438557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T14:47:34.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:44", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2805", datePublished: "2020-04-15T13:29:47", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T14:47:34.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14579
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:35.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14579", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:58:53.726663Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:57.254Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:49", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14579", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14579", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:57.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14583
Vulnerability from cvelistv5
Published
2020-07-15 17:34
Modified
2024-09-27 18:37
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1 Version: Java SE Embedded: 8u251 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:53:41.875Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-14583", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:55:01.769871Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:37:10.873Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { status: "affected", version: "Java SE Embedded: 8u251", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:25", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-14583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u261, 8u251, 11.0.7, 14.0.1", }, { version_affected: "=", version_value: "Java SE Embedded: 8u251", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200717-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200717-0005/", }, { name: "FEDORA-2020-e418151dc3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/", }, { name: "FEDORA-2020-5d0b4a2b5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/", }, { name: "USN-4433-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4433-1/", }, { name: "DSA-4734", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4734", }, { name: "FEDORA-2020-508df53719", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/", }, { name: "FEDORA-2020-93cc9c3ef2", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/", }, { name: "openSUSE-SU-2020:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html", }, { name: "openSUSE-SU-2020:1191", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html", }, { name: "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html", }, { name: "USN-4453-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4453-1/", }, { name: "GLSA-202008-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-24", }, { name: "openSUSE-SU-2020:1893", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-14583", datePublished: "2020-07-15T17:34:28", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-09-27T18:37:10.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2757
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:41
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u251, 8u241, 11.0.6, 14 Version: Java SE Embedded: 8u241 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2757", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T15:00:05.581818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T15:41:34.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { status: "affected", version: "Java SE Embedded: 8u241", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-25T15:06:31", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u251, 8u241, 11.0.6, 14", }, { version_affected: "=", version_value: "Java SE Embedded: 8u241", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], }, impact: { cvss: { baseScore: "3.7", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200416-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200416-0004/", }, { name: "DSA-4662", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4662", }, { name: "USN-4337-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4337-1/", }, { name: "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html", }, { name: "DSA-4668", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4668", }, { name: "FEDORA-2020-5386fe3bbb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/", }, { name: "FEDORA-2020-21ca991b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/", }, { name: "FEDORA-2020-a60ad9d4ec", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/", }, { name: "openSUSE-SU-2020:0757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html", }, { name: "openSUSE-SU-2020:0800", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html", }, { name: "GLSA-202006-22", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202006-22", }, { name: "openSUSE-SU-2020:0841", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", }, { name: "GLSA-202209-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2757", datePublished: "2020-04-15T13:29:44", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-30T15:41:34.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.