ID CVE-2020-14782
Summary Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
    cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
rpms
  • java-11-openjdk-1:11.0.9.11-0.el8_2
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_2
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_2
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_2
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_2
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_2
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_2
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_2
  • java-11-openjdk-src-1:11.0.9.11-0.el8_2
  • java-11-openjdk-static-libs-1:11.0.9.11-0.el8_2
  • java-11-openjdk-1:11.0.9.11-0.el8_1
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_1
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_1
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_1
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_1
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.9.11-0.el8_1
  • java-11-openjdk-src-1:11.0.9.11-0.el8_1
  • java-11-openjdk-1:11.0.9.11-0.el7_9
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el7_9
  • java-11-openjdk-demo-1:11.0.9.11-0.el7_9
  • java-11-openjdk-devel-1:11.0.9.11-0.el7_9
  • java-11-openjdk-headless-1:11.0.9.11-0.el7_9
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el7_9
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el7_9
  • java-11-openjdk-jmods-1:11.0.9.11-0.el7_9
  • java-11-openjdk-src-1:11.0.9.11-0.el7_9
  • java-11-openjdk-static-libs-1:11.0.9.11-0.el7_9
  • java-11-openjdk-1:11.0.9.11-0.el8_0
  • java-11-openjdk-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-debugsource-1:11.0.9.11-0.el8_0
  • java-11-openjdk-demo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-javadoc-1:11.0.9.11-0.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.9.11-0.el8_0
  • java-11-openjdk-jmods-1:11.0.9.11-0.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.9.11-0.el8_0
  • java-11-openjdk-src-1:11.0.9.11-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-1.el8_2
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.272.b10-0.el6_10
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-1.el7_9
  • java-1.8.0-openjdk-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-debugsource-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.272.b10-0.el8_1
  • java-1.8.0-openjdk-src-1:1.8.0.272.b10-0.el8_1
  • java-1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.75-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.75-1jpp.1.el7
refmap via4
confirm https://security.netapp.com/advisory/ntap-20201023-0004/
debian DSA-4779
misc https://www.oracle.com/security-alerts/cpuoct2020.html
mlist [debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update
suse openSUSE-SU-2020:1893
Last major update 13-05-2022 - 14:57
Published 21-10-2020 - 15:15
Last modified 13-05-2022 - 14:57
Back to Top