ID CVE-2020-14577
Summary Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 01-07-2022 - 19:45)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
rpms
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el7_8
  • java-11-openjdk-1:11.0.8.10-0.el7_8
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el7_8
  • java-11-openjdk-demo-1:11.0.8.10-0.el7_8
  • java-11-openjdk-devel-1:11.0.8.10-0.el7_8
  • java-11-openjdk-headless-1:11.0.8.10-0.el7_8
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el7_8
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el7_8
  • java-11-openjdk-jmods-1:11.0.8.10-0.el7_8
  • java-11-openjdk-src-1:11.0.8.10-0.el7_8
  • java-11-openjdk-1:11.0.8.10-0.el8_2
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_2
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_2
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_2
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_2
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_2
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_2
  • java-11-openjdk-src-1:11.0.8.10-0.el8_2
  • java-11-openjdk-static-libs-1:11.0.8.10-0.el8_2
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.262.b10-0.el6_10
  • java-11-openjdk-1:11.0.8.10-0.el8_0
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_0
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_0
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-src-1:11.0.8.10-0.el8_0
  • java-11-openjdk-1:11.0.8.10-0.el8_1
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_1
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_1
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_1
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_1
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-src-1:11.0.8.10-0.el8_1
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-demo-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-devel-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-headless-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-plugin-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-src-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-webstart-1:1.8.0.6.15-1.el8_2
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.6.20-1jpp.1.el7
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200717-0005/
debian DSA-4734
fedora
  • FEDORA-2020-508df53719
  • FEDORA-2020-5d0b4a2b5b
  • FEDORA-2020-93cc9c3ef2
  • FEDORA-2020-e418151dc3
misc https://www.oracle.com/security-alerts/cpujul2020.html
mlist [debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update
suse
  • openSUSE-SU-2020:1175
  • openSUSE-SU-2020:1191
  • openSUSE-SU-2020:1893
ubuntu
  • USN-4433-1
  • USN-4453-1
Last major update 01-07-2022 - 19:45
Published 15-07-2020 - 18:15
Last modified 01-07-2022 - 19:45
Back to Top