ID CVE-2020-14796
Summary Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
    cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*
    cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*
  • cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
redhat via4
rpms
  • java-11-openjdk-1:11.0.9.11-0.el8_2
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_2
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_2
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_2
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_2
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_2
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_2
  • java-11-openjdk-src-1:11.0.9.11-0.el8_2
  • java-11-openjdk-static-libs-1:11.0.9.11-0.el8_2
  • java-11-openjdk-1:11.0.9.11-0.el8_1
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_1
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_1
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_1
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_1
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-src-1:11.0.9.11-0.el8_1
  • java-11-openjdk-1:11.0.9.11-0.el7_9
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el7_9
  • java-11-openjdk-demo-1:11.0.9.11-0.el7_9
  • java-11-openjdk-devel-1:11.0.9.11-0.el7_9
  • java-11-openjdk-headless-1:11.0.9.11-0.el7_9
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el7_9
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el7_9
  • java-11-openjdk-jmods-1:11.0.9.11-0.el7_9
  • java-11-openjdk-src-1:11.0.9.11-0.el7_9
  • java-11-openjdk-static-libs-1:11.0.9.11-0.el7_9
  • java-11-openjdk-1:11.0.9.11-0.el8_0
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_0
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_0
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-src-1:11.0.9.11-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.6.20-1jpp.1.el7
  • java-1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.75-1jpp.1.el7
refmap via4
confirm https://security.netapp.com/advisory/ntap-20201023-0004/
debian DSA-4779
misc https://www.oracle.com/security-alerts/cpuoct2020.html
mlist [debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update
suse openSUSE-SU-2020:1893
Last major update 13-05-2022 - 14:57
Published 21-10-2020 - 15:15
Last modified 13-05-2022 - 14:57
Back to Top