Vulnerability-Lookup - Search a vulnerability

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:39.909812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:23:59.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:13",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14782",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14782",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:23:59.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35550

Vulnerability from cvelistv5

Published

2021-10-20 10:49

Modified

2024-08-04 00:40

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35550",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T14:29:28.454778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T14:30:11.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:58.485392",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35550",
    "datePublished": "2021-10-20T10:49:59",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:46.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14579

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:37

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:35.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:53.726663Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:37:57.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:49",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14579",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14579",
    "datePublished": "2020-07-15T17:34:28",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:37:57.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2757

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:41

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:00:05.581818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:41:34.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:31",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2757",
    "datePublished": "2020-04-15T13:29:44",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:41:34.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21365

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-11-19 19:09

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-30T20:59:23.165168Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:09:11.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:22.839Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21365",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21365",
    "datePublished": "2022-01-19T11:25:47",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-11-19T19:09:11.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2590

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:30

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4605	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/24	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "DSA-4605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4605"
          },
          {
            "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/24"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:04:44.827068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:30:10.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:15",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "DSA-4605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4605"
        },
        {
          "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/24"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2590",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "DSA-4605",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4605"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/24"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2590",
    "datePublished": "2020-01-15T16:34:02",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:30:10.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2755

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:41

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:00:10.185809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:41:54.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:51",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2755",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2755",
    "datePublished": "2020-04-15T13:29:44",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:41:54.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2803

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 14:48

Severity ?

8.3 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:41:31.754667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T14:48:44.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:36",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2803",
    "datePublished": "2020-04-15T13:29:47",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T14:48:44.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21305

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:02.221Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21305",
    "datePublished": "2022-01-19T11:23:55",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14556

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:41

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:59:18.810625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:41:03.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:26",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14556",
    "datePublished": "2020-07-15T17:34:27",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:41:03.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21340

Vulnerability from cvelistv5

Published

2022-01-19 11:24

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:47.711Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21340",
    "datePublished": "2022-01-19T11:24:59",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35588

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-04 00:40

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:11:40.314837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:11:50.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:08.052182",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35588",
    "datePublished": "2021-10-20T10:50:31",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14797

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:21

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:50.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:18.443567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:21:26.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:11",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14797",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:21:26.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14578

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:38

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14578",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:55.382224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:38:05.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:28",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14578",
    "datePublished": "2020-07-15T17:34:28",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:38:05.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2601

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:22

Severity ?

6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4605	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/24	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "DSA-4605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4605"
          },
          {
            "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/24"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:04:27.899340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:22:28.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:17",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "DSA-4605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4605"
        },
        {
          "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/24"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded.  While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "DSA-4605",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4605"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/24"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2601",
    "datePublished": "2020-01-15T16:34:02",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:22:28.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21283

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:54.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "FEDORA-2022-477401b0f7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:39.446Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "FEDORA-2022-477401b0f7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "FEDORA-2022-477401b0f7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21283",
    "datePublished": "2022-01-19T11:23:13",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:54.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21449

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-09-24 20:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/04/28/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/28/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/28/4	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/28/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/28/6	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/28/7	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20220429-0006/	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2022/04/29/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/30/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/30/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/30/4	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/04/30/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/05/01/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/05/01/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/05/02/1	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory, x_refsource_DEBIAN

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
          },
          {
            "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
          },
          {
            "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
          },
          {
            "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
          },
          {
            "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
          },
          {
            "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
          },
          {
            "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
          },
          {
            "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
          },
          {
            "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
          },
          {
            "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
          },
          {
            "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
          },
          {
            "name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
          },
          {
            "name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21449",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:53:54.479041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:10:30.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-05T22:06:07",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
        },
        {
          "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
        },
        {
          "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
        },
        {
          "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
        },
        {
          "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
        },
        {
          "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
        },
        {
          "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
        },
        {
          "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
        },
        {
          "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
        },
        {
          "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
        },
        {
          "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
        },
        {
          "name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
        },
        {
          "name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:18"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
            },
            {
              "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
            },
            {
              "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
            },
            {
              "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
            },
            {
              "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
            },
            {
              "name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
            },
            {
              "name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
            },
            {
              "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
            },
            {
              "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
            },
            {
              "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
            },
            {
              "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
            },
            {
              "name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
            },
            {
              "name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
            },
            {
              "name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
            },
            {
              "name": "DSA-5128",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5128"
            },
            {
              "name": "DSA-5131",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21449",
    "datePublished": "2022-04-19T20:37:39",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:10:30.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14621

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E	mailing-list, x_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:42.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "name": "[xerces-j-users] 20201014 Security vulnerability in 2.12.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:53:09.488159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:31:06.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:38",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "name": "[xerces-j-users] 20201014 Security vulnerability in 2.12.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "[xerces-j-users] 20201014 Security vulnerability in 2.12.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14621",
    "datePublished": "2020-07-15T17:34:30",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:31:06.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35556

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-04 00:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:17.736085",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35556",
    "datePublished": "2021-10-20T10:50:04",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2756

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:41

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:00:07.558268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:41:43.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:33",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2756",
    "datePublished": "2020-04-15T13:29:44",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:41:43.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21443

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-08-03 02:38

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u331
Version: Oracle Java SE:8u321
Version: Oracle Java SE:11.0.14
Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:20.3.5
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:31:25.581438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T15:31:36.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:38.587068",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21443",
    "datePublished": "2022-04-19T20:37:30",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:56.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21341

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:53.724Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21341",
    "datePublished": "2022-01-19T11:25:02",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2583

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:31

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4605	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/24	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2020:0465	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0470	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0467	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0469	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0468	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "DSA-4605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4605"
          },
          {
            "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/24"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "RHSA-2020:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0465"
          },
          {
            "name": "RHSA-2020:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0470"
          },
          {
            "name": "RHSA-2020:0467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0467"
          },
          {
            "name": "RHSA-2020:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0469"
          },
          {
            "name": "RHSA-2020:0468",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0468"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:04:53.482302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:31:41.183Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:16",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "DSA-4605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4605"
        },
        {
          "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/24"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "RHSA-2020:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0465"
        },
        {
          "name": "RHSA-2020:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0470"
        },
        {
          "name": "RHSA-2020:0467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0467"
        },
        {
          "name": "RHSA-2020:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0469"
        },
        {
          "name": "RHSA-2020:0468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0468"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "DSA-4605",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4605"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/24"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "RHSA-2020:0465",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0465"
            },
            {
              "name": "RHSA-2020:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0470"
            },
            {
              "name": "RHSA-2020:0467",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0467"
            },
            {
              "name": "RHSA-2020:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0469"
            },
            {
              "name": "RHSA-2020:0468",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0468"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2583",
    "datePublished": "2020-01-15T16:34:02",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:31:41.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35586

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-09-25 19:33

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:32:02.914714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:33:20.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:03.822691",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35586",
    "datePublished": "2021-10-20T10:50:30",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-25T19:33:20.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21271

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-09-24 20:29

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Solaris Operating System

Version: 11

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:31:59.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:35:28.936640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:29:11.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Solaris Operating System",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T04:06:43",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Solaris Operating System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21271",
    "datePublished": "2022-01-19T11:22:48",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:29:11.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21349

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-09-24 20:20

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:35:33.447848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:20:19.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T04:07:17",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21349",
    "datePublished": "2022-01-19T11:25:16",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:20:19.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35560

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-09-06 18:54

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:8u301

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35560",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T18:18:03.172834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T18:54:39.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:8u301"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:15.255742",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35560",
    "datePublished": "2021-10-20T10:50:08",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-06T18:54:39.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35561

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-09-25 19:35

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211022-0004/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35561",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:32:13.560580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:35:41.243Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T04:07:06",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-35561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:7u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:8u301"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:11.0.12"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:17"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
            },
            {
              "name": "FEDORA-2021-35145352b0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
            },
            {
              "name": "FEDORA-2021-7701833090",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
            },
            {
              "name": "FEDORA-2021-9a51a6f8b1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
            },
            {
              "name": "FEDORA-2021-1cc8ffd122",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
            },
            {
              "name": "FEDORA-2021-eb3e3e87d3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
            },
            {
              "name": "FEDORA-2021-107c8c5063",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
            },
            {
              "name": "DSA-5000",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5000"
            },
            {
              "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
            },
            {
              "name": "DSA-5012",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5012"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35561",
    "datePublished": "2021-10-20T10:50:09",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-25T19:35:41.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14577

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:38

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:56.789755Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:38:12.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:41",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14577",
    "datePublished": "2020-07-15T17:34:28",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:38:12.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35603

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-04 00:40

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T17:52:57.786974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T17:53:05.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:44.582774",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35603",
    "datePublished": "2021-10-20T10:50:43",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21296

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:33.516Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21296",
    "datePublished": "2022-01-19T11:23:38",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14779

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:24

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "FEDORA-2020-845860fd4f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/"
          },
          {
            "name": "FEDORA-2020-5708dd5b87",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "FEDORA-2020-febe36c3ac",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
          },
          {
            "name": "FEDORA-2020-421f817e5f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
          },
          {
            "name": "FEDORA-2020-a405eea76a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
          },
          {
            "name": "FEDORA-2020-fdc79d8e5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14779",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:44.512253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:24:31.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:12",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "FEDORA-2020-845860fd4f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/"
        },
        {
          "name": "FEDORA-2020-5708dd5b87",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "FEDORA-2020-febe36c3ac",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
        },
        {
          "name": "FEDORA-2020-421f817e5f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
        },
        {
          "name": "FEDORA-2020-a405eea76a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
        },
        {
          "name": "FEDORA-2020-fdc79d8e5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "FEDORA-2020-845860fd4f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/"
            },
            {
              "name": "FEDORA-2020-5708dd5b87",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "FEDORA-2020-febe36c3ac",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
            },
            {
              "name": "FEDORA-2020-421f817e5f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
            },
            {
              "name": "FEDORA-2020-a405eea76a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
            },
            {
              "name": "FEDORA-2020-fdc79d8e5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14779",
    "datePublished": "2020-10-21T14:04:24",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:24:31.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21496

Vulnerability from cvelistv5

Published

2022-04-19 20:38

Modified

2024-09-24 20:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u331
Version: Oracle Java SE:8u321
Version: Oracle Java SE:11.0.14
Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:20.3.5
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:46:38.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:53:50.783083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:05:36.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:40.368882",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21496",
    "datePublished": "2022-04-19T20:38:50",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:05:36.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35567

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-09-25 19:35

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211022-0004/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory, x_refsource_FEDORA
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35567",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:14:55.364056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:35:00.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T04:06:57",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-35567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:8u301"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:11.0.12"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE:17"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
            },
            {
              "name": "FEDORA-2021-7701833090",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
            },
            {
              "name": "FEDORA-2021-1cc8ffd122",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
            },
            {
              "name": "FEDORA-2021-107c8c5063",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
            },
            {
              "name": "DSA-5000",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5000"
            },
            {
              "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
            },
            {
              "name": "DSA-5012",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5012"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35567",
    "datePublished": "2021-10-20T10:50:14",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-25T19:35:00.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2585

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:31

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:04:50.395929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:31:12.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:53",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2585",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.9",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2585",
    "datePublished": "2020-01-15T16:34:02",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:31:12.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2767

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:40

Severity ?

4.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 11.0.6, 14

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:59:51.390149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:40:08.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 11.0.6, 14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-02T14:06:17",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 11.0.6, 14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2767",
    "datePublished": "2020-04-15T13:29:45",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:40:08.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21248

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-09-24 20:32

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:31:59.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "FEDORA-2022-b706eef225",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/"
          },
          {
            "name": "FEDORA-2022-416be040a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
          },
          {
            "name": "FEDORA-2022-477401b0f7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:45:14.155785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:32:08.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:56.641Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "FEDORA-2022-b706eef225",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/"
        },
        {
          "name": "FEDORA-2022-416be040a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
        },
        {
          "name": "FEDORA-2022-477401b0f7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "FEDORA-2022-b706eef225",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/"
            },
            {
              "name": "FEDORA-2022-416be040a8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
            },
            {
              "name": "FEDORA-2022-477401b0f7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21248",
    "datePublished": "2022-01-19T11:22:01",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:32:08.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14583

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:37

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:41.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:55:01.769871Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:37:10.873Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:25",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14583",
    "datePublished": "2020-07-15T17:34:28",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:37:10.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21426

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-09-24 20:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220429-0006/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u331
Version: Oracle Java SE:8u321
Version: Oracle Java SE:11.0.14
Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:20.3.5
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:35:39.893746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:12:08.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-14T11:06:07",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u331"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:18"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
            },
            {
              "name": "DSA-5128",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5128"
            },
            {
              "name": "DSA-5131",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5131"
            },
            {
              "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21426",
    "datePublished": "2022-04-19T20:37:11",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:12:08.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2604

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 14:51

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2020:0465	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0470	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0467	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0469	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0468	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO
	https://www.oracle.com/security-alerts/cpujul2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "RHSA-2020:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0465"
          },
          {
            "name": "RHSA-2020:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0470"
          },
          {
            "name": "RHSA-2020:0467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0467"
          },
          {
            "name": "RHSA-2020:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0469"
          },
          {
            "name": "RHSA-2020:0468",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0468"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:42:05.369215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T14:51:54.874Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:43:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "RHSA-2020:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0465"
        },
        {
          "name": "RHSA-2020:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0470"
        },
        {
          "name": "RHSA-2020:0467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0467"
        },
        {
          "name": "RHSA-2020:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0469"
        },
        {
          "name": "RHSA-2020:0468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0468"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "RHSA-2020:0465",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0465"
            },
            {
              "name": "RHSA-2020:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0470"
            },
            {
              "name": "RHSA-2020:0467",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0467"
            },
            {
              "name": "RHSA-2020:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0469"
            },
            {
              "name": "RHSA-2020:0468",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0468"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2604",
    "datePublished": "2020-01-15T16:34:03",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T14:51:54.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-13118

Vulnerability from cvelistv5

Published

2019-07-01 01:27

Modified

2024-08-04 23:41

Severity ?

Summary

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b	x_refsource_MISC
	https://oss-fuzz.com/testcase-detail/5197371471822848	x_refsource_MISC
	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069	x_refsource_MISC
	https://support.apple.com/kb/HT210348	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210353	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210351	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html	mailing-list, x_refsource_MLIST
	https://support.apple.com/kb/HT210346	x_refsource_CONFIRM
	https://seclists.org/bugtraq/2019/Jul/35	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Jul/37	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Jul/36	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2019/Jul/24	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Jul/23	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Jul/22	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Jul/26	mailing-list, x_refsource_FULLDISC
	https://support.apple.com/kb/HT210356	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210357	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210358	x_refsource_CONFIRM
	https://seclists.org/bugtraq/2019/Jul/42	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Jul/40	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Jul/41	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2019/Jul/31	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Jul/37	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Jul/38	mailing-list, x_refsource_FULLDISC
	https://security.netapp.com/advisory/ntap-20190806-0004/	x_refsource_CONFIRM
	https://seclists.org/bugtraq/2019/Aug/25	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/22	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/23	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/21	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2019/Aug/14	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/11	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/13	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Aug/15	mailing-list, x_refsource_FULLDISC
	https://usn.ubuntu.com/4164-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/	vendor-advisory, x_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2019/11/17/2	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html	vendor-advisory, x_refsource_SUSE
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:41:10.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210351"
          },
          {
            "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210346"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/35"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/37"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/36"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/24"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/23"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/22"
          },
          {
            "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/26"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210356"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210357"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210358"
          },
          {
            "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/42"
          },
          {
            "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/40"
          },
          {
            "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/41"
          },
          {
            "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/31"
          },
          {
            "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/37"
          },
          {
            "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/38"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/25"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/22"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/23"
          },
          {
            "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/21"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
          },
          {
            "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
          },
          {
            "name": "USN-4164-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4164-1/"
          },
          {
            "name": "FEDORA-2019-fdf6ec39b4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
          },
          {
            "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0731",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:08:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210351"
        },
        {
          "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210346"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/35"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/37"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/36"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/24"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/23"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/22"
        },
        {
          "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/26"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210356"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210357"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210358"
        },
        {
          "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/42"
        },
        {
          "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/40"
        },
        {
          "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/41"
        },
        {
          "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/31"
        },
        {
          "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/37"
        },
        {
          "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/38"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/25"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/22"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/23"
        },
        {
          "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/21"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
        },
        {
          "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
        },
        {
          "name": "USN-4164-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4164-1/"
        },
        {
          "name": "FEDORA-2019-fdf6ec39b4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
        },
        {
          "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0731",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
            },
            {
              "name": "https://oss-fuzz.com/testcase-detail/5197371471822848",
              "refsource": "MISC",
              "url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
            },
            {
              "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
            },
            {
              "name": "https://support.apple.com/kb/HT210348",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210348"
            },
            {
              "name": "https://support.apple.com/kb/HT210353",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210353"
            },
            {
              "name": "https://support.apple.com/kb/HT210351",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210351"
            },
            {
              "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
            },
            {
              "name": "https://support.apple.com/kb/HT210346",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210346"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/35"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/37"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/36"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/24"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/23"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/22"
            },
            {
              "name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/26"
            },
            {
              "name": "https://support.apple.com/kb/HT210356",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210356"
            },
            {
              "name": "https://support.apple.com/kb/HT210357",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210357"
            },
            {
              "name": "https://support.apple.com/kb/HT210358",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210358"
            },
            {
              "name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/42"
            },
            {
              "name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/40"
            },
            {
              "name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/41"
            },
            {
              "name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/31"
            },
            {
              "name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/37"
            },
            {
              "name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/38"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190806-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/25"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/22"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/23"
            },
            {
              "name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/21"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "name": "USN-4164-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4164-1/"
            },
            {
              "name": "FEDORA-2019-fdf6ec39b4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
            },
            {
              "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0731",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13118",
    "datePublished": "2019-07-01T01:27:39",
    "dateReserved": "2019-06-30T00:00:00",
    "dateUpdated": "2024-08-04T23:41:10.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2830

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-27 19:06

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:53:52.379987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T19:06:46.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-09T07:06:10",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2830",
    "datePublished": "2020-04-15T13:29:48",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-27T19:06:46.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14664

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:25

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-20-897/	x_refsource_MISC
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:42.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14664",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:54:50.939497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:25:29.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:52",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14664",
    "datePublished": "2020-07-15T17:34:32",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:25:29.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35559

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-04 00:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7u311"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7u311"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:11.0.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7u311"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:11.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_20.3.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_21.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_20.3.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_20.3.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_21.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "oracle_graalvm_enterprise_edition_21.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35559",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T16:02:35.502056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T16:55:17.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:13.492147",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35559",
    "datePublished": "2021-10-20T10:50:07",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:46.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11068

Vulnerability from cvelistv5

Published

2019-04-10 19:38

Modified

2024-08-04 22:40

Severity ?

Summary

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3947-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2019/04/22/1	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3947-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2019/04/23/5	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20191017-0001/	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
          },
          {
            "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
          },
          {
            "name": "USN-3947-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3947-2/"
          },
          {
            "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
          },
          {
            "name": "USN-3947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3947-1/"
          },
          {
            "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
          },
          {
            "name": "openSUSE-SU-2019:1433",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
          },
          {
            "name": "openSUSE-SU-2019:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2019:1428",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
          },
          {
            "name": "openSUSE-SU-2019:1527",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
          },
          {
            "name": "FEDORA-2019-e21c77ffae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
          },
          {
            "name": "FEDORA-2019-320d5295fc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
          },
          {
            "name": "FEDORA-2019-e74d639587",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
          },
          {
            "name": "openSUSE-SU-2019:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-17T15:06:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
        },
        {
          "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
        },
        {
          "name": "USN-3947-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3947-2/"
        },
        {
          "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
        },
        {
          "name": "USN-3947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3947-1/"
        },
        {
          "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
        },
        {
          "name": "openSUSE-SU-2019:1433",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
        },
        {
          "name": "openSUSE-SU-2019:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2019:1428",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
        },
        {
          "name": "openSUSE-SU-2019:1527",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
        },
        {
          "name": "FEDORA-2019-e21c77ffae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
        },
        {
          "name": "FEDORA-2019-320d5295fc",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
        },
        {
          "name": "FEDORA-2019-e74d639587",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
        },
        {
          "name": "openSUSE-SU-2019:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6",
              "refsource": "MISC",
              "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
            },
            {
              "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
            },
            {
              "name": "USN-3947-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3947-2/"
            },
            {
              "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
            },
            {
              "name": "USN-3947-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3947-1/"
            },
            {
              "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
            },
            {
              "name": "openSUSE-SU-2019:1433",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
            },
            {
              "name": "openSUSE-SU-2019:1430",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
            },
            {
              "name": "openSUSE-SU-2019:1428",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
            },
            {
              "name": "openSUSE-SU-2019:1527",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
            },
            {
              "name": "FEDORA-2019-e21c77ffae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
            },
            {
              "name": "FEDORA-2019-320d5295fc",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
            },
            {
              "name": "FEDORA-2019-e74d639587",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
            },
            {
              "name": "openSUSE-SU-2019:1824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191017-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11068",
    "datePublished": "2019-04-10T19:38:18",
    "dateReserved": "2019-04-10T00:00:00",
    "dateUpdated": "2024-08-04T22:40:16.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21293

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "FEDORA-2022-477401b0f7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:42.144Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "FEDORA-2022-477401b0f7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "FEDORA-2022-477401b0f7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21293",
    "datePublished": "2022-01-19T11:23:33",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16168

Vulnerability from cvelistv5

Published

2019-09-09 16:07

Modified

2024-08-05 01:10

Severity ?

Summary

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

References

▼	URL	Tags
	https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html	x_refsource_MISC
	https://www.sqlite.org/src/timeline?c=98357d8c1263920b	x_refsource_MISC
	https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190926-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4205-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/	vendor-advisory, x_refsource_FEDORA
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202003-16	vendor-advisory, x_refsource_GENTOO
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html	mailing-list, x_refsource_MLIST
	https://www.tenable.com/security/tns-2021-08	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2021-11	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2021-14	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=content&id=SB10365	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190926-0003/"
          },
          {
            "name": "openSUSE-SU-2019:2300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"
          },
          {
            "name": "openSUSE-SU-2019:2298",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"
          },
          {
            "name": "USN-4205-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4205-1/"
          },
          {
            "name": "FEDORA-2019-b1636e0b70",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "GLSA-202003-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-08"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-31T07:06:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190926-0003/"
        },
        {
          "name": "openSUSE-SU-2019:2300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"
        },
        {
          "name": "openSUSE-SU-2019:2298",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"
        },
        {
          "name": "USN-4205-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4205-1/"
        },
        {
          "name": "FEDORA-2019-b1636e0b70",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "GLSA-202003-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-08"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html",
              "refsource": "MISC",
              "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html"
            },
            {
              "name": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b",
              "refsource": "MISC",
              "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
            },
            {
              "name": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62",
              "refsource": "MISC",
              "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190926-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190926-0003/"
            },
            {
              "name": "openSUSE-SU-2019:2300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"
            },
            {
              "name": "openSUSE-SU-2019:2298",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"
            },
            {
              "name": "USN-4205-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4205-1/"
            },
            {
              "name": "FEDORA-2019-b1636e0b70",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "GLSA-202003-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-16"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-08",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-08"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-11",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16168",
    "datePublished": "2019-09-09T16:07:15",
    "dateReserved": "2019-09-09T00:00:00",
    "dateUpdated": "2024-08-05T01:10:41.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2778

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:38

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 11.0.6, 14

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:59:35.969192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:38:23.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 11.0.6, 14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-02T14:06:15",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 11.0.6, 14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2778",
    "datePublished": "2020-04-15T13:29:45",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:38:23.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35564

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-04 00:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openjdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openjdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openjdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openjdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "20.3.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oncommand_insight",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "33"
              },
              {
                "status": "affected",
                "version": "34"
              },
              {
                "status": "affected",
                "version": "35"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "10.0"
              },
              {
                "status": "affected",
                "version": "11.0"
              },
              {
                "status": "affected",
                "version": "9.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35564",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T18:55:09.687351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T19:06:41.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:35.036915",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35564",
    "datePublished": "2021-10-20T10:50:11",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:46.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35578

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-08-22 14:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://www.debian.org/security/2021/dsa-5012	vendor-advisory
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Java SE:17
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "DSA-5012",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5012"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              },
              {
                "status": "affected",
                "version": "11.0.12"
              },
              {
                "status": "affected",
                "version": "17"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm_enterprise_edition:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm_enterprise_edition",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "20.33"
              },
              {
                "status": "affected",
                "version": "21.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35578",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T17:53:39.464164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T14:44:44.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Java SE:17"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:05.008220",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "DSA-5012",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5012"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35578",
    "datePublished": "2021-10-20T10:50:24",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-22T14:44:44.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21294

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:44.533Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21294",
    "datePublished": "2022-01-19T11:23:34",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2659

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 15:58

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2020:0465	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0470	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0467	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0469	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0468	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "RHSA-2020:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0465"
          },
          {
            "name": "RHSA-2020:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0470"
          },
          {
            "name": "RHSA-2020:0467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0467"
          },
          {
            "name": "RHSA-2020:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0469"
          },
          {
            "name": "RHSA-2020:0468",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0468"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:02:31.237374Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:58:31.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:19",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "RHSA-2020:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0465"
        },
        {
          "name": "RHSA-2020:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0470"
        },
        {
          "name": "RHSA-2020:0467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0467"
        },
        {
          "name": "RHSA-2020:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0469"
        },
        {
          "name": "RHSA-2020:0468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0468"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "RHSA-2020:0465",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0465"
            },
            {
              "name": "RHSA-2020:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0470"
            },
            {
              "name": "RHSA-2020:0467",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0467"
            },
            {
              "name": "RHSA-2020:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0469"
            },
            {
              "name": "RHSA-2020:0468",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0468"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2659",
    "datePublished": "2020-01-15T16:34:05",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:58:31.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14781

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:24

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:41.333549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:24:11.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:20",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14781",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:24:11.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2773

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:39

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:59:40.704407Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:39:10.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:54",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2773",
    "datePublished": "2020-04-15T13:29:45",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:39:10.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21434

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u331
Version: Oracle Java SE:8u321
Version: Oracle Java SE:11.0.14
Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:20.3.5
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:51:37.654803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T19:51:53.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:18.947256",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21434",
    "datePublished": "2022-04-19T20:37:18",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:56.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2816

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-27 19:08

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 11.0.6, 14

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:54:00.321524Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T19:08:23.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 11.0.6, 14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-02T14:06:12",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 11.0.6, 14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2816",
    "datePublished": "2020-04-15T13:29:47",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-27T19:08:23.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3522

Vulnerability from cvelistv5

Published

2021-06-02 14:38

Modified

2024-08-03 17:01

Severity ?

Summary

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1954761	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211022-0004/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202208-31	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

GStreamer

Version: All GStreamer version before 1.18.4

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954761"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "GLSA-202208-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GStreamer",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All GStreamer version before 1.18.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-15T01:06:26",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954761"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "GLSA-202208-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3522",
    "datePublished": "2021-06-02T14:38:16",
    "dateReserved": "2021-04-28T00:00:00",
    "dateUpdated": "2024-08-03T17:01:08.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2781

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:05

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:57:27.440297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:05:39.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:35",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2781",
    "datePublished": "2020-04-15T13:29:46",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:05:39.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21366

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:25.759Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21366",
    "datePublished": "2022-01-19T11:25:49",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14803

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:20

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 11.0.8
Version: 15

GraalVM Enterprise Edition

Version: 19.3.4
Version: 20.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:50.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:56:08.056603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:20:23.469Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 11.0.8"
            },
            {
              "status": "affected",
              "version": "15"
            }
          ]
        },
        {
          "product": "GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "19.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:07",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GraalVM Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "19.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "20.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14803",
    "datePublished": "2020-10-21T14:04:26",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:20:23.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14593

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:35

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202008-24	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u261, 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:42.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:35.278922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:35:33.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:43",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14593",
    "datePublished": "2020-07-15T17:34:29",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:35:33.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21476

Vulnerability from cvelistv5

Published

2022-04-19 20:38

Modified

2024-08-03 02:38

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220429-0006/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u331
Version: Oracle Java SE:8u321
Version: Oracle Java SE:11.0.14
Version: Oracle Java SE:17.0.2
Version: Oracle Java SE:18
Version: Oracle GraalVM Enterprise Edition:20.3.5
Version: Oracle GraalVM Enterprise Edition:21.3.1
Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:56.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
          },
          {
            "name": "DSA-5128",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5128"
          },
          {
            "name": "DSA-5131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5131"
          },
          {
            "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u331"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.14"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:18"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-14T11:06:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
        },
        {
          "name": "DSA-5128",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5128"
        },
        {
          "name": "DSA-5131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5131"
        },
        {
          "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u331"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:18"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
            },
            {
              "name": "DSA-5128",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5128"
            },
            {
              "name": "DSA-5131",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5131"
            },
            {
              "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21476",
    "datePublished": "2022-04-19T20:38:20",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:56.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2654

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 15:59

Severity ?

3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4605	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/24	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:55.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "DSA-4605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4605"
          },
          {
            "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/24"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:02:46.145962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:59:18.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:12",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "DSA-4605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4605"
        },
        {
          "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/24"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "DSA-4605",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4605"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/24"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2654",
    "datePublished": "2020-01-15T16:34:05",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:59:18.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21360

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:16.462Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21360",
    "datePublished": "2022-01-19T11:25:37",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14581

Vulnerability from cvelistv5

Published

2020-07-15 17:34

Modified

2024-09-27 18:37

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200717-0005/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/4433-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2020/dsa-4734	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4453-1/	vendor-advisory, x_refsource_UBUNTU
	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 8u251, 11.0.7, 14.0.1
Version: Java SE Embedded: 8u251

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:41.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14581",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:50.930753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:37:38.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:46",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.7",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14581",
    "datePublished": "2020-07-15T17:34:28",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:37:38.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2593

Vulnerability from cvelistv5

Published

2020-01-15 16:34

Modified

2024-09-30 16:29

Severity ?

4.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2020:0128	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0122	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4605	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Jan/24	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0157	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0196	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20200122-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2020:0232	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0231	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0202	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/4257-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2020:0465	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0470	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0467	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0469	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0468	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2020/dsa-4621	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2020/Feb/22	mailing-list, x_refsource_BUGTRAQ
	https://access.redhat.com/errata/RHSA-2020:0541	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0632	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	mailing-list, x_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u241, 8u231, 11.0.5, 13.0.1
Version: Java SE Embedded: 8u231

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "RHSA-2020:0128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0128"
          },
          {
            "name": "RHSA-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0122"
          },
          {
            "name": "DSA-4605",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4605"
          },
          {
            "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/24"
          },
          {
            "name": "RHSA-2020:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0157"
          },
          {
            "name": "RHSA-2020:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
          },
          {
            "name": "openSUSE-SU-2020:0147",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
          },
          {
            "name": "RHSA-2020:0232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0232"
          },
          {
            "name": "RHSA-2020:0231",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0231"
          },
          {
            "name": "RHSA-2020:0202",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0202"
          },
          {
            "name": "USN-4257-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4257-1/"
          },
          {
            "name": "RHSA-2020:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0465"
          },
          {
            "name": "RHSA-2020:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0470"
          },
          {
            "name": "RHSA-2020:0467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0467"
          },
          {
            "name": "RHSA-2020:0469",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0469"
          },
          {
            "name": "RHSA-2020:0468",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0468"
          },
          {
            "name": "DSA-4621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4621"
          },
          {
            "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/22"
          },
          {
            "name": "RHSA-2020:0541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0541"
          },
          {
            "name": "RHSA-2020:0632",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0632"
          },
          {
            "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:04:39.425813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T16:29:29.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u231"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:18",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "RHSA-2020:0128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0128"
        },
        {
          "name": "RHSA-2020:0122",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0122"
        },
        {
          "name": "DSA-4605",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4605"
        },
        {
          "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/24"
        },
        {
          "name": "RHSA-2020:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0157"
        },
        {
          "name": "RHSA-2020:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
        },
        {
          "name": "openSUSE-SU-2020:0147",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
        },
        {
          "name": "RHSA-2020:0232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0232"
        },
        {
          "name": "RHSA-2020:0231",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0231"
        },
        {
          "name": "RHSA-2020:0202",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0202"
        },
        {
          "name": "USN-4257-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4257-1/"
        },
        {
          "name": "RHSA-2020:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0465"
        },
        {
          "name": "RHSA-2020:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0470"
        },
        {
          "name": "RHSA-2020:0467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0467"
        },
        {
          "name": "RHSA-2020:0469",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0469"
        },
        {
          "name": "RHSA-2020:0468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0468"
        },
        {
          "name": "DSA-4621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4621"
        },
        {
          "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/22"
        },
        {
          "name": "RHSA-2020:0541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0541"
        },
        {
          "name": "RHSA-2020:0632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0632"
        },
        {
          "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u231"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "RHSA-2020:0128",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0128"
            },
            {
              "name": "RHSA-2020:0122",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0122"
            },
            {
              "name": "DSA-4605",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4605"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/24"
            },
            {
              "name": "RHSA-2020:0157",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0157"
            },
            {
              "name": "RHSA-2020:0196",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0196"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2020:0147",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
            },
            {
              "name": "RHSA-2020:0232",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0232"
            },
            {
              "name": "RHSA-2020:0231",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0231"
            },
            {
              "name": "RHSA-2020:0202",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0202"
            },
            {
              "name": "USN-4257-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4257-1/"
            },
            {
              "name": "RHSA-2020:0465",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0465"
            },
            {
              "name": "RHSA-2020:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0470"
            },
            {
              "name": "RHSA-2020:0467",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0467"
            },
            {
              "name": "RHSA-2020:0469",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0469"
            },
            {
              "name": "RHSA-2020:0468",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0468"
            },
            {
              "name": "DSA-4621",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4621"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/22"
            },
            {
              "name": "RHSA-2020:0541",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0541"
            },
            {
              "name": "RHSA-2020:0632",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0632"
            },
            {
              "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2128-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2593",
    "datePublished": "2020-01-15T16:34:02",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T16:29:29.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2805

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 14:47

Severity ?

8.3 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:41:30.438557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T14:47:34.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:44",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2805",
    "datePublished": "2020-04-15T13:29:47",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T14:47:34.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3517

Vulnerability from cvelistv5

Published

2021-05-19 13:45

Modified

2024-08-03 16:53

Severity ?

Summary

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

References

▼	URL	Tags
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1954232	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/	vendor-advisory, x_refsource_FEDORA
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202107-05	vendor-advisory, x_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-20210625-0002/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211022-0004/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

libxml2

Version: libxml2 2.9.11

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2021-e3ed1ba38b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
          },
          {
            "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
          },
          {
            "name": "FEDORA-2021-b950000d2b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "GLSA-202107-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libxml2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libxml2 2.9.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:35:17",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2021-e3ed1ba38b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
        },
        {
          "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
        },
        {
          "name": "FEDORA-2021-b950000d2b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "GLSA-202107-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3517",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libxml2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libxml2 2.9.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2021-e3ed1ba38b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
            },
            {
              "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
            },
            {
              "name": "FEDORA-2021-b950000d2b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "GLSA-202107-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-05"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210625-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3517",
    "datePublished": "2021-05-19T13:45:00",
    "dateReserved": "2021-04-27T00:00:00",
    "dateUpdated": "2024-08-03T16:53:17.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21282

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:54.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:29.329Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21282",
    "datePublished": "2022-01-19T11:23:11",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:54.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14792

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:22

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:26.978320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:22:17.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:08",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14792",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14792",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:22:17.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35565

Vulnerability from cvelistv5

Published

2021-10-20 10:50

Modified

2024-09-25 19:35

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://security.netapp.com/advisory/ntap-20211022-0004/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/	vendor-advisory
	https://www.debian.org/security/2021/dsa-5000	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	mailing-list
	https://security.gentoo.org/glsa/202209-05	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Java SE:7u311
Version: Java SE:8u301
Version: Java SE:11.0.12
Version: Oracle GraalVM Enterprise Edition:20.3.3
Version: Oracle GraalVM Enterprise Edition:21.2.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.747Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-35145352b0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-9a51a6f8b1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-eb3e3e87d3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "DSA-5000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5000"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35565",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:32:11.232825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:35:12.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Java SE:11.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:17.151862",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-35145352b0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-9a51a6f8b1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-eb3e3e87d3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "DSA-5000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5000"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35565",
    "datePublished": "2021-10-20T10:50:12",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-25T19:35:12.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2800

Vulnerability from cvelistv5

Published

2020-04-15 13:29

Modified

2024-09-30 15:02

Severity ?

4.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20200416-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4662	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4337-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4668	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202006-22	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202209-15	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u251, 8u241, 11.0.6, 14
Version: Java SE Embedded: 8u241

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:59:16.949849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:02:23.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:30",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2800",
    "datePublished": "2020-04-15T13:29:46",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:02:23.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21291

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "FEDORA-2022-477401b0f7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:19:34.932Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "FEDORA-2022-477401b0f7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "FEDORA-2022-477401b0f7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21291",
    "datePublished": "2022-01-19T11:23:29",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21277

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:12.305Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21277",
    "datePublished": "2022-01-19T11:22:59",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21299

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor

Product

Version

▼

Version: Oracle Java SE:7u321
Version: Oracle Java SE:8u311
Version: Oracle Java SE:11.0.13
Version: Oracle Java SE:17.0.1
Version: Oracle GraalVM Enterprise Edition:20.3.4
Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:36.428Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21299",
    "datePublished": "2022-01-19T11:23:43",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14798

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:21

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:50.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:17.079782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:21:17.899Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:10",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14798",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14798",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:21:17.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14796

Vulnerability from cvelistv5

Published

2020-10-21 14:04

Modified

2024-09-26 20:21

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20201023-0004/	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4779	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202101-19	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

Version: Java SE: 7u271
Version: 8u261
Version: 11.0.8
Version: 15; Java SE Embedded: 8u261

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:50.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:20.611468Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:21:37.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:14",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14796",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14796",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:21:37.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21294",
  "lastModified": "2024-11-21T06:44:20.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:12.493",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Hotspot).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE Embedded: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java.\u0026#xa0;Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets de Java en sandbox.\u0026#xa0;Tambi\u00e9n puede ser explotada al suministrar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start en sandbox o applets de Java en sandbox, como mediante un servicio web.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 4.2 (Impactos de la Confidencialidad e Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14792",
  "lastModified": "2024-11-21T05:04:10.503",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.5,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:19.327",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Jan/24	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.5
oracle	jre	13.0.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	11
oracle	openjdk	11.0.1
oracle	openjdk	11.0.2
oracle	openjdk	11.0.3
oracle	openjdk	11.0.4
oracle	openjdk	11.0.5
oracle	openjdk	13
oracle	openjdk	13.0.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
              "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2583",
  "lastModified": "2024-11-21T05:25:37.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:19.130",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
              "matchCriteriaId": "8F257E03-5BA1-4743-983A-6C08F8572FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Lightweight HTTP Server). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 4.8 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2020-2800",
  "lastModified": "2024-11-21T05:26:18.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:28.060",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.14
oracle	jre	17.0.2
oracle	jre	18
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire\,_enterprise_sds_\&_hci_storage_node	-
netapp	solidfire_\&_hci_management_node	-
netapp	hci_compute_node_firmware	-
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
              "matchCriteriaId": "13F6415A-E5FB-4C4D-B1F7-0DEFD0C04376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "6765029F-98C1-44A2-A7F7-152DCA8C9C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
              "matchCriteriaId": "10612D3D-6614-4C9D-B142-47B71BDAD7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "B4FCFABB-FDEC-43BF-B611-1B54BCE510C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "47837A4D-A7B1-4F41-8F88-5F5169E7BBE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F82C4-D6B8-474F-909F-0187FE8EEB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "44535879-9E87-4256-A6D9-29FB7A42AA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21434",
  "lastModified": "2024-11-21T06:44:41.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:15.387",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE Embedded: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java.\u0026#xa0;Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets de Java en sandbox.\u0026#xa0;Tambi\u00e9n puede ser explotada al suministrar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start en sandbox o applets de Java en sandbox, como mediante un servicio web.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14782",
  "lastModified": "2024-11-21T05:04:08.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:18.517",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.14
oracle	jre	17.0.2
oracle	jre	18
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire\,_enterprise_sds_\&_hci_storage_node	-
netapp	solidfire_\&_hci_management_node	-
netapp	hci_compute_node_firmware	-
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
              "matchCriteriaId": "13F6415A-E5FB-4C4D-B1F7-0DEFD0C04376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "6765029F-98C1-44A2-A7F7-152DCA8C9C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
              "matchCriteriaId": "10612D3D-6614-4C9D-B142-47B71BDAD7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "B4FCFABB-FDEC-43BF-B611-1B54BCE510C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "47837A4D-A7B1-4F41-8F88-5F5169E7BBE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F82C4-D6B8-474F-909F-0187FE8EEB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "44535879-9E87-4256-A6D9-29FB7A42AA90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21426",
  "lastModified": "2024-11-21T06:44:40.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:15.157",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-07-01 02:15

Modified

2024-11-21 04:24

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Aug/11	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Aug/13	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Aug/14	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Aug/15	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/22	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/23	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/24	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/26	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/31	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/37	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jul/38	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/11/17/2	Mailing List, Third Party Advisory
cve@mitre.org	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069	Permissions Required
cve@mitre.org	https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b	Patch, Third Party Advisory
cve@mitre.org	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
cve@mitre.org	https://oss-fuzz.com/testcase-detail/5197371471822848	Permissions Required
cve@mitre.org	https://seclists.org/bugtraq/2019/Aug/21	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Aug/22	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Aug/23	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Aug/25	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/35	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/36	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/37	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/40	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/41	Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/Jul/42	Mailing List, Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190806-0004/	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210346	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210348	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210351	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210353	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210356	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210357	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT210358	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4164-1/	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/11	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/13	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/14	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/15	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/22	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/23	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/26	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/31	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/37	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jul/38	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/11/17/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
af854a3a-2127-422b-91ae-364da2661108	https://oss-fuzz.com/testcase-detail/5197371471822848	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/21	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/22	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/23	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Aug/25	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/35	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/36	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/37	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/40	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/41	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jul/42	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190806-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210346	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210348	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210351	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210353	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210356	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210357	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210358	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4164-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory

Impacted products

Vendor	Product	Version
xmlsoft	libxslt	1.1.33
opensuse	leap	15.1
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	clustered_data_ontap	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	ontap_select_deploy_administration_utility	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
oracle	jdk	1.8.0
fedoraproject	fedora	31
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
canonical	ubuntu_linux	19.10
apple	icloud	*
apple	icloud	*
apple	itunes	*
apple	iphone_os	*
apple	mac_os_x	10.12.6
apple	mac_os_x	10.12.6
apple	mac_os_x	10.12.6
apple	mac_os_x	10.13.6
apple	mac_os_x	10.13.6
apple	mac_os_x	10.13.6
apple	macos	*
apple	tvos	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "433D435D-13D0-4EAA-ACD9-DD88DA712D00",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "086B8913-51FE-4FCA-AB2C-47541F2C3252",
              "versionEndExcluding": "7.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "71143206-77A6-4B8F-964B-FD4E00C1AE60",
              "versionEndExcluding": "10.6",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B",
              "versionEndExcluding": "12.9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78127EE5-23FE-4C66-B7EE-2CF3E19F0503",
              "versionEndExcluding": "12.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*",
              "matchCriteriaId": "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*",
              "matchCriteriaId": "A0334DC1-4D8C-448C-84B3-310499118B44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*",
              "matchCriteriaId": "F80F3626-D093-45F4-80A1-3DB1EC94E0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
              "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
              "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
              "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A",
              "versionEndExcluding": "10.14.6",
              "versionStartIncluding": "10.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6",
              "versionEndExcluding": "12.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
    },
    {
      "lang": "es",
      "value": "En el archivo numbers.c en libxslt versi\u00f3n 1.1.33, un tipo que contiene caracteres de agrupaci\u00f3n de una instrucci\u00f3n xsl:number era demasiado estrecho y una combinaci\u00f3n de car\u00e1cter/longitud no v\u00e1lida se pod\u00eda ser pasada a la funci\u00f3n xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados."
    }
  ],
  "id": "CVE-2019-13118",
  "lastModified": "2024-11-21T04:24:13.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-01T02:15:09.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/22"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/23"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/26"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/31"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/37"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/38"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/21"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/22"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/23"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/25"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/35"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/36"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/37"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/40"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/41"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/42"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210346"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210348"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210351"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210356"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210357"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4164-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jul/38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Aug/25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jul/42"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT210358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4164-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
debian	debian_linux	8.0
debian	debian_linux	9.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
opensuse	leap	15.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Networking). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241 y 8u231; Java SE Embedded: 8u231. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2659",
  "lastModified": "2024-11-21T05:25:55.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:24.333",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21366",
  "lastModified": "2024-11-21T06:44:31.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:15.817",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21277",
  "lastModified": "2024-11-21T06:44:16.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:11.697",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.5
oracle	jre	13.0.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	11
oracle	openjdk	11.0.1
oracle	openjdk	11.0.2
oracle	openjdk	11.0.3
oracle	openjdk	11.0.4
oracle	openjdk	11.0.5
oracle	openjdk	13
oracle	openjdk	13.0.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
              "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC88059E-CCFD-4AFD-9982-41DF225FB840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de Kerberos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos en la Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    }
  ],
  "id": "CVE-2020-2590",
  "lastModified": "2024-11-21T05:25:39.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:19.613",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jre	1.7.0
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	cloud_insights	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: 2D). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21349",
  "lastModified": "2024-11-21T06:44:28.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:15.023",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35586",
  "lastModified": "2024-11-21T06:12:35.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:59.280",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.1
opensuse	leap	15.2
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
debian	debian_linux	9.0
debian	debian_linux	10.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager_core_package	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JAXP). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, insertar o eliminar el acceso a algunos de los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tales como a trav\u00e9s de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (Impactos de la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14621",
  "lastModified": "2024-11-21T05:03:42.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:27.380",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21283",
  "lastModified": "2024-11-21T06:44:17.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:11.977",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21360",
  "lastModified": "2024-11-21T06:44:30.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:15.540",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u261 y 8u251; Java SE Embedded: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. Tambi\u00e9n puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2020-14578",
  "lastModified": "2024-11-21T05:03:35.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:23.833",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
debian	debian_linux	10.0
opensuse	leap	15.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a datos cr\u00edticos o a todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad solo puede ser explotada al proporcionar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start No Confiables o applets Java No Confiables, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 7.5 (Impactos de la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
    }
  ],
  "id": "CVE-2020-2816",
  "lastModified": "2024-11-21T05:26:21.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:29.157",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.1
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: 2D). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. Tambi\u00e9n puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2020-14581",
  "lastModified": "2024-11-21T05:03:36.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:24.083",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21299",
  "lastModified": "2024-11-21T06:44:21.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:12.727",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
opensuse	leap	15.1
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de TLS comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. Tambi\u00e9n puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2020-14577",
  "lastModified": "2024-11-21T05:03:35.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:23.753",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de Kerberos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante y mientras la vulnerabilidad est\u00e1 en Java SE, Oracle GraalVM Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 6.8 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)"
    }
  ],
  "id": "CVE-2021-35567",
  "lastModified": "2024-11-21T06:12:32.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:38.717",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de TLS comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada al  suministrar datos a las API en el componente especificado sin usar aplicaciones Java Web Start no confiables o applets Java no confiables, como por ejemplo mediante un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35578",
  "lastModified": "2024-11-21T06:12:34.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:55.333",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2022-21296",
  "lastModified": "2024-11-21T06:44:20.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:12.587",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	openjdk	8
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE de Oracle Java SE (componente: Deployment). La versi\u00f3n compatible que est\u00e1 afectada es Java SE: 8u301. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implantaciones de Java, normalmente en servidores, que cargan y ejecutan \u00fanicamente c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n Base 7.5 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)"
    }
  ],
  "id": "CVE-2021-35560",
  "lastModified": "2024-11-21T06:12:31.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-20T11:16:35.240",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Vendor Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	http_server	12.2.1.3.0
oracle	http_server	12.2.1.4.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	zfs_storage_appliance_kit	8.8
oracle	solaris	11
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21271",
  "lastModified": "2024-11-21T06:44:15.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:11.417",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Keytool). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2021-35564",
  "lastModified": "2024-11-21T06:12:31.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:37.327",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de TLS comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 5.9 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)"
    }
  ],
  "id": "CVE-2021-35550",
  "lastModified": "2024-11-21T06:12:29.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:31.843",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-09 17:15

Modified

2024-11-21 04:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html	Broken Link
cve@mitre.org	https://kc.mcafee.com/corporate/index?page=content&id=SB10365	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/
cve@mitre.org	https://security.gentoo.org/glsa/202003-16	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190926-0003/	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4205-1/	Third Party Advisory
cve@mitre.org	https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html
cve@mitre.org	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
cve@mitre.org	https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62	Vendor Advisory
cve@mitre.org	https://www.sqlite.org/src/timeline?c=98357d8c1263920b	Patch, Vendor Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2021-08	Third Party Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2021-11	Third Party Advisory
cve@mitre.org	https://www.tenable.com/security/tns-2021-14	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10365	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-16	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190926-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4205-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sqlite.org/src/timeline?c=98357d8c1263920b	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-08	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-14	Third Party Advisory

Impacted products

Vendor	Product	Version
sqlite	sqlite	*
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	ontap_select_deploy_administration_utility	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
canonical	ubuntu_linux	19.10
fedoraproject	fedora	30
debian	debian_linux	9.0
tenable	nessus_agent	*
oracle	communications_design_studio	7.3.4.3.0
oracle	communications_design_studio	7.3.5.5.0
oracle	communications_design_studio	7.4.0.4.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
oracle	mysql	*
oracle	outside_in_technology	8.5.4
oracle	solaris	11
oracle	zfs_storage_appliance	8.8
mcafee	policy_auditor	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "199DADF1-CA17-4BA1-B94D-251AD1F5FB63",
              "versionEndIncluding": "3.29.0",
              "versionStartIncluding": "3.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE953762-7CCA-4EF3-BAE1-4F04F5BB22E3",
              "versionEndIncluding": "8.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EEFA46-41D0-402B-AD80-85345913DF32",
              "versionEndIncluding": "8.0.18",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "18096778-19E1-434F-BD96-A9FBF11A8C81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB739B3A-20BB-4118-82DD-7ACFE5881FE2",
              "versionEndExcluding": "6.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\""
    },
    {
      "lang": "es",
      "value": "En SQLite versiones hasta 3.29.0, la funci\u00f3n whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicaci\u00f3n debido a la falta de comprobaci\u00f3n de un campo sqlite_stat1 sz, tambi\u00e9n se conoce como \"severe division by zero in the query planner.\"."
    }
  ],
  "id": "CVE-2019-16168",
  "lastModified": "2024-11-21T04:30:11.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-09T17:15:13.910",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190926-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4205-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190926-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4205-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	Patch, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
debian	debian_linux	8.0
debian	debian_linux	10.0
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
mcafee	threat_intelligence_exchange_server	*
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	3.0.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
              "matchCriteriaId": "8F257E03-5BA1-4743-983A-6C08F8572FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BCD926-8CE6-4954-891E-05154C9691A1",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "29DB881A-6CB1-46FD-93F2-A4FD277B9132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "C397BB56-6B67-4625-BACB-47C667FB0452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*",
              "matchCriteriaId": "AA663385-DB25-4CD2-AC7D-FB501B37AFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F26126-55C2-4E2E-A586-D93FF38ABF6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Concurrency). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\u00e9n puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 5.3 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2830",
  "lastModified": "2024-11-21T05:26:23.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:29.950",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Swing). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35559",
  "lastModified": "2024-11-21T06:12:31.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:34.807",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21305",
  "lastModified": "2024-11-21T06:44:22.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:13.013",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1
fedoraproject	fedora	34

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no fiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21291",
  "lastModified": "2024-11-21T06:44:20.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:12.350",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Utility). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35561",
  "lastModified": "2024-11-21T06:12:31.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:35.587",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.5
oracle	jre	13.0.1
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	11
oracle	openjdk	11.0.1
oracle	openjdk	11.0.2
oracle	openjdk	11.0.3
oracle	openjdk	11.0.4
oracle	openjdk	11.0.5
oracle	openjdk	13
oracle	openjdk	13.0.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
              "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de Kerberos comprometer a Java SE, Java SE Embedded. Aunque la vulnerabilidad ocurre en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o en un acceso completo a todos los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no seguros (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Base Score 6.8 (Impactos en la Confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
    }
  ],
  "id": "CVE-2020-2601",
  "lastModified": "2024-11-21T05:25:41.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:20.300",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de TLS comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada al suministrar datos a las API en el componente especificado sin usar aplicaciones Java Web Start no confiables o applets Java no confiables, como por ejemplo mediante un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35565",
  "lastModified": "2024-11-21T06:12:32.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:37.893",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.8.0
oracle	jre	1.8.0
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JavaFX). La versi\u00f3n compatible que est\u00e1 afectada es Java SE: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntaje Base 5.9 (Impactos en la Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
    }
  ],
  "id": "CVE-2020-2585",
  "lastModified": "2024-11-21T05:25:38.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:19.287",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-04-10 20:29

Modified

2024-11-21 04:20

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/04/22/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/04/23/5	Mailing List, Third Party Advisory
cve@mitre.org	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6	Patch, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20191017-0001/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3947-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3947-2/	Third Party Advisory
cve@mitre.org	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/04/22/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/04/23/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20191017-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3947-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3947-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
xmlsoft	libxslt	*
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
debian	debian_linux	8.0
fedoraproject	fedora	29
fedoraproject	fedora	30
oracle	jdk	8.0
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	steelstore_cloud_integrated_storage	-
opensuse	leap	15.0
opensuse	leap	15.1
opensuse	leap	42.3

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E054BED-0DA0-4966-8B7F-E7DDFAAF892F",
              "versionEndIncluding": "1.1.33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*",
              "matchCriteriaId": "8594A5FB-33D0-422E-8F32-16ECF08DB45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
    },
    {
      "lang": "es",
      "value": "libxslt hasta la versi\u00f3n 1.1.33 permite omitir los mecanismos de protecci\u00f3n debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso despu\u00e9s de recibir el c\u00f3digo de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inv\u00e1lida y que se carga posteriormente."
    }
  ],
  "id": "CVE-2019-11068",
  "lastModified": "2024-11-21T04:20:28.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-10T20:29:01.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3947-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/24	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.5
oracle	jre	13.0.1
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	11
oracle	openjdk	11.0.1
oracle	openjdk	11.0.2
oracle	openjdk	11.0.3
oracle	openjdk	11.0.4
oracle	openjdk	11.0.5
oracle	openjdk	13
oracle	openjdk	13.0.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
              "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE. Nota: Esta vulnerabilidad solo puede ser explotada proporcionando datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start no confiables o applets Java no confiables, as\u00ed como por medio de un servicio web. CVSS 3.0 Puntaje Base 3.7 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2654",
  "lastModified": "2024-11-21T05:25:54.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:24.050",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
fedoraproject	fedora	35
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Serialization). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 3.7 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21248",
  "lastModified": "2024-11-21T06:44:11.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:10.287",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JNDI).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE Embedded: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java.\u0026#xa0;Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets de Java en sandbox.\u0026#xa0;Tambi\u00e9n puede ser explotada al suministrar datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start en sandbox o applets de Java en sandbox, como mediante un servicio web.\u0026#xa0;Puntuaci\u00f3n Base 3.1 CVSS 3.\u0026#xa0;7 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2020-14781",
  "lastModified": "2024-11-21T05:04:08.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:18.420",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE integrado: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Esta vulnerabilidad aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para su seguridad.\u0026#xa0;Esta vulnerabilidad no aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador).\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 3.1 (Impactos de la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14798",
  "lastModified": "2024-11-21T05:04:11.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:19.780",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Jan/24	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0157	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Jan/24	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.5
oracle	jre	13.0.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	11
oracle	openjdk	11.0.1
oracle	openjdk	11.0.2
oracle	openjdk	11.0.3
oracle	openjdk	11.0.4
oracle	openjdk	11.0.5
oracle	openjdk	13
oracle	openjdk	13.0.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
              "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Networking). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, as\u00ed como tambi\u00e9n en el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox (en Java SE versi\u00f3n 8), que cargan y ejecutan c\u00f3digo no seguro (por ejemplo, c\u00f3digo que proviene de la Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de la API en el componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Puntuaci\u00f3n Base 4.8 (Impactos en la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2020-2593",
  "lastModified": "2024-11-21T05:25:40.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:19.817",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Jan/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "27495366-B260-4F56-9BC2-9B862E7DCABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Scripting). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial  (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox  y applets de Java dentro del sandbox . Tambi\u00e9n puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar  aplicaciones de Java Web Start dentro del sandbox  o applets de Java dentro del sandbox , tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2755",
  "lastModified": "2024-11-21T05:26:10.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:25.420",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21340",
  "lastModified": "2024-11-21T06:44:27.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:14.650",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. Tambi\u00e9n puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 4.8 (Impactos de la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14556",
  "lastModified": "2024-11-21T05:03:32.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:20.037",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	19.3.3
oracle	graalvm	19.3.4
oracle	graalvm	20.2.0
oracle	graalvm	20.3.0
oracle	jdk	7.0
oracle	jdk	8.0
oracle	jdk	11.0.8
oracle	jdk	15.0
oracle	jre	7.0
oracle	jre	8.0
oracle	jre	11.0.8
oracle	jre	15.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:19.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1B03772B-B94E-4270-B059-448F336ADC91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "937F66F5-F5BA-4156-82E0-EB2C99ABD41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "344B1586-9A1F-4C0B-8478-3807548F7A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "BC0F8B31-F93B-40B6-9C06-A3996DC63829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:7.0:update_281:*:*:*:*:*:*",
              "matchCriteriaId": "BB0E7B5F-0E69-4BF2-B7F8-06EFF2EA5BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_271:*:*:*:*:*:*",
              "matchCriteriaId": "654FC82E-A5C9-4857-BF5D-844F224AD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC219A9B-8A6F-49A1-B72D-4825EF7684A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:7.0:update_281:*:*:*:*:*:*",
              "matchCriteriaId": "D4A3EBDD-A5EE-40B1-9052-2A9A534ED041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:8.0:update_271:*:*:*:*:*:*",
              "matchCriteriaId": "23CE2615-9DAF-479F-9DA8-E2958DD9F8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB90BAC0-EC64-48BF-9B22-41F5B540AB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "661AAB08-8C4E-41DD-9E59-2E82B27393B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 11.0.8 y 15. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE.\u0026#xa0;Nota: Esta vulnerabilidad Aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para su seguridad.\u0026#xa0;Esta vulnerabilidad no aplica a las implementaciones de Java, t\u00edpicamente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador).\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.\u0026#xa0;3 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2020-14803",
  "lastModified": "2024-11-21T05:04:12.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:20.203",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE integrado: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java.\u0026#xa0;Esta vulnerabilidad puede ser explotada por medio de unas aplicaciones Java Web Start en sandbox y applets de Java en sandbox.\u0026#xa0;Tambi\u00e9n puede explotarse proporcionando datos hacia las API en el Componente especificado sin usar aplicaciones Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14797",
  "lastModified": "2024-11-21T05:04:11.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:19.703",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-
opensuse	leap	15.2
debian	debian_linux	9.0
debian	debian_linux	10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE Embedded: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded.\u0026#xa0;Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, C\u00f3digo que proviene de Internet) y conf\u00edan en el entorno de pruebas de Java para su seguridad.\u0026#xa0;Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador).\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 3.1 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2020-14796",
  "lastModified": "2024-11-21T05:04:11.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:19.640",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Serialization). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21341",
  "lastModified": "2024-11-21T06:44:27.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:14.697",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/2	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/3	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/4	Mailing List
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/5	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/6	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/28/7	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/29/1	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/30/1	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/30/2	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/30/3	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/04/30/4	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/05/01/1	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/05/01/2	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://www.openwall.com/lists/oss-security/2022/05/02/1	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/4	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/28/7	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/29/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/30/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/30/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/30/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/30/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/05/01/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/05/01/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/05/02/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	17.0.2
oracle	jdk	18
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights	-
netapp	e-series_santricity_os_controller	11.0
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	solidfire\,_enterprise_sds_\&_hci_storage_node	-
netapp	solidfire_\&_hci_management_node	-
netapp	hci_compute_node	-
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Bibliotecas). Las versiones afectadas son Oracle Java SE: 17.0.2 y 18; Oracle GraalVM Enterprise Edition: 21.3.1 y 22.0.0.2. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autentificado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de datos cr\u00edticos o todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con caja de arena, que cargan y ejecutan c\u00f3digo no fiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen de la caja de arena de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que suministra datos a las APIs. Puntuaci\u00f3n de base CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)"
    }
  ],
  "id": "CVE-2022-21449",
  "lastModified": "2024-11-21T06:44:43.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:16.127",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
opensuse	leap	15.2
mcafee	epolicy_orchestrator	*
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "221B755E-48C0-4530-AFBD-4B00CF6A696F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "27495366-B260-4F56-9BC2-9B862E7DCABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5302AA-9FB5-4F30-9E75-43796783E906",
              "versionEndExcluding": "5.10.0",
              "versionStartIncluding": "5.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial  (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox  y applets de Java dentro del sandbox . Tambi\u00e9n puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar  aplicaciones de Java Web Start dentro del sandbox  o applets de Java dentro del sandbox , tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2756",
  "lastModified": "2024-11-21T05:26:10.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:25.483",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        },
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
mcafee	epolicy_orchestrator	*
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "221B755E-48C0-4530-AFBD-4B00CF6A696F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "27495366-B260-4F56-9BC2-9B862E7DCABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5302AA-9FB5-4F30-9E75-43796783E906",
              "versionEndExcluding": "5.10.0",
              "versionStartIncluding": "5.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox  y applets de Java dentro del sandbox . Tambi\u00e9n puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar  aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2757",
  "lastModified": "2024-11-21T05:26:11.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:25.547",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        },
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35
debian	debian_linux	9.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base  3.1 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35588",
  "lastModified": "2024-11-21T06:12:35.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:59.593",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
debian	debian_linux	10.0
opensuse	leap	15.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\u00e9n puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 4.8 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
    }
  ],
  "id": "CVE-2020-2767",
  "lastModified": "2024-11-21T05:26:12.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:26.187",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-01-15 17:15

Modified

2024-11-21 05:25

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4257-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0122	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0202	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0231	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0465	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0467	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0468	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0469	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0470	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0541	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/22	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200122-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4257-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4621	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
oracle	commerce_experience_manager	11.3.2
oracle	commerce_guided_search	11.3.2
oracle	graalvm	19.3.0.2
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.5
oracle	jdk	13.0.1
oracle	jre	1.8.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
debian	debian_linux	8.0
debian	debian_linux	9.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_management_plug-ins	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services_proxy	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	steelstore_cloud_integrated_storage	-
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_experience_manager:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4BBE71A-CEE7-4319-9E7F-6D52E9905C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "6B257954-6EF3-4CBF-A8A7-699F70F98153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
              "matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41909CBE-B056-4E00-AE21-670AA518E1B9",
              "versionEndIncluding": "11.0.5",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C96E91-EF8B-4A0E-A9A2-3525A8DD463E",
              "versionEndIncluding": "13.0.1",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
              "versionEndIncluding": "11.60.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Java SE, producto Java SE Embedded de Oracle Java SE (componente: serializaci\u00f3n). Las versiones compatibles que se ven afectadas son Java SE: 7u241, 8u231, 11.0.5 y 13.0.1; Java SE Embedded: 8u231. La vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start de espacio aislado o applets de Java de espacio aislado (en Java SE 8), que cargan y ejecutan c\u00f3digo no seguro (por ejemplo, c\u00f3digo que proviene de Internet) y dependen de Java caja de arena para seguridad. Esta vulnerabilidad tambi\u00e9n puede explotarse mediante el uso de API en el Componente especificado, por ejemplo, a trav\u00e9s de un servicio web que suministra datos a las API. CVSS v3.0 Base Score 8.1 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: N / AC: H / PR: N / UI: N / S: U / C: H / I: H / A: H)."
    }
  ],
  "id": "CVE-2020-2604",
  "lastModified": "2024-11-21T05:25:42.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:20.487",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4257-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	java_se	7u331
oracle	java_se	8u321
oracle	java_se	11.0.14
oracle	java_se	17.0.2
oracle	java_se	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
              "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 3.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21443",
  "lastModified": "2024-11-21T06:44:42.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:15.800",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.1
opensuse	leap	15.2
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: 2D). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u261, 8u251, 11.0.7 y 14.0.1; Java SE Embedded: 8u251. La vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por parte de un administrador). CVSS 3.1 Puntuaci\u00f3n Base 7.4 (Impactos de la Integridad). Vector CVSS:(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)"
    }
  ],
  "id": "CVE-2020-14593",
  "lastModified": "2024-11-21T05:03:38.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:25.050",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4433-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:16

Modified

2024-11-21 06:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Swing). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implantaciones de Java, normalmente en servidores, que cargan y ejecutan \u00fanicamente c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2021-35556",
  "lastModified": "2024-11-21T06:12:30.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:33.723",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-10-20 11:17

Modified

2024-11-21 06:12

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.3
oracle	graalvm	21.2.0
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	11.0.12
oracle	openjdk	17
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	33
fedoraproject	fedora	34
fedoraproject	fedora	35

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de TLS comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2021-35603",
  "lastModified": "2024-11-21T06:12:37.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:17:05.727",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory
secalert_us@oracle.com	https://www.zerodayinitiative.com/advisories/ZDI-20-897/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-897/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
oracle	jdk	1.8.0
oracle	jre	1.8.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JavaFX). La versi\u00f3n compatible que est\u00e1 afectada es Java SE: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por parte de un administrador). CVSS 3.1 Puntuaci\u00f3n Base 8.3 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)"
    }
  ],
  "id": "CVE-2020-14664",
  "lastModified": "2024-11-21T05:03:50.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:31.333",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-05-19 14:15

Modified

2024-11-21 06:21

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Summary

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1954232	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
secalert@redhat.com	https://security.gentoo.org/glsa/202107-05	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20210625-0002/	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert@redhat.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
secalert@redhat.com	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
secalert@redhat.com	https://www.oracle.com/security-alerts/cpujul2022.html	Not Applicable
secalert@redhat.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1954232	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210625-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
xmlsoft	libxml2	*
redhat	jboss_core_services	-
redhat	enterprise_linux	8.0
fedoraproject	fedora	33
fedoraproject	fedora	34
debian	debian_linux	9.0
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	clustered_data_ontap	-
netapp	clustered_data_ontap_antivirus_connector	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	manageability_software_development_kit	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	ontap_select_deploy_administration_utility	-
netapp	santricity_unified_manager	-
netapp	snapdrive	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_h410c_firmware	-
netapp	hci_h410c	-
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0
oracle	enterprise_manager_base_platform	13.4.0.0
oracle	enterprise_manager_base_platform	13.5.0.0
oracle	mysql_workbench	*
oracle	openjdk	8
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	real_user_experience_insight	13.4.1.0
oracle	real_user_experience_insight	13.5.1.0
oracle	zfs_storage_appliance_kit	8.8

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "208AF535-5D38-45B4-B227-2892611C5A20",
              "versionEndExcluding": "2.9.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8532F5F0-00A1-4FA9-A80B-09E46D03F74F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED6C8C2-F986-4CFD-A343-AD2340F850F2",
              "versionEndIncluding": "8.0.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application."
    },
    {
      "lang": "es",
      "value": "Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11.\u0026#xa0;Un atacante que sea capaz de proporcionar un archivo dise\u00f1ado para que sea procesado por una aplicaci\u00f3n vinculada con la funcionalidad afectada de libxml2 podr\u00eda desencadenar una lectura fuera de los l\u00edmites.\u0026#xa0;El impacto m\u00e1s probable de este fallo es la disponibilidad de la aplicaci\u00f3n, con alg\u00fan impacto potencial en la confidencialidad e integridad si un atacante puede usar la informaci\u00f3n de la memoria para explotar a\u00fan m\u00e1s la aplicaci\u00f3n"
    }
  ],
  "id": "CVE-2021-3517",
  "lastModified": "2024-11-21T06:21:44.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-19T14:15:07.553",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-05"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210625-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones soportadas que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21365",
  "lastModified": "2024-11-21T06:44:31.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:15.770",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2022-21282",
  "lastModified": "2024-11-21T06:44:17.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:11.930",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10318	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
opensuse	leap	15.2
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
mcafee	threat_intelligence_exchange_server	2.0.0
mcafee	threat_intelligence_exchange_server	2.0.1
mcafee	threat_intelligence_exchange_server	2.1.0
mcafee	threat_intelligence_exchange_server	2.1.0
mcafee	threat_intelligence_exchange_server	2.1.0
mcafee	threat_intelligence_exchange_server	2.1.0
mcafee	threat_intelligence_exchange_server	2.1.1
mcafee	threat_intelligence_exchange_server	2.1.1
mcafee	threat_intelligence_exchange_server	2.1.1
mcafee	threat_intelligence_exchange_server	2.1.1
mcafee	threat_intelligence_exchange_server	2.2.0
mcafee	threat_intelligence_exchange_server	2.2.0
mcafee	threat_intelligence_exchange_server	2.3.0
mcafee	threat_intelligence_exchange_server	2.3.0
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	2.3.1
mcafee	threat_intelligence_exchange_server	3.0.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "221B755E-48C0-4530-AFBD-4B00CF6A696F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "27495366-B260-4F56-9BC2-9B862E7DCABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BFD3EF-DAEC-47D2-A906-5C418DA9D1F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F6933C-6A56-42C2-BECA-AB2A013C173D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "C2685FF4-8022-4D16-BC6C-F85508C9B9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "290E71B0-8118-4F05-8CCB-3E952420E370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix2:*:*:*:*:*:*",
              "matchCriteriaId": "B91A378C-4F0C-43B8-9DA4-818ADD51C32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix3:*:*:*:*:*:*",
              "matchCriteriaId": "359D129D-8E7D-4EE1-9894-D35F9292459E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "22455AE9-D137-412F-855A-069478B73BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "E9518ACD-79E5-4FF4-9BB3-7D92E9B18D79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix2:*:*:*:*:*:*",
              "matchCriteriaId": "5B16EF24-B756-4FCC-9211-1D2E50863940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix3:*:*:*:*:*:*",
              "matchCriteriaId": "240238B8-B3BC-4DDB-A846-6193EA06D9A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "65418AD1-C8F4-4BC9-9B49-C2AE74922651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "573B5699-CA26-47C6-A226-C7315A16C02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "FB1A0CF4-67A6-4FCC-BD15-60D15C7AE403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "F10CAF8F-8795-490B-B14D-868AEC34883C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "29DB881A-6CB1-46FD-93F2-A4FD277B9132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*",
              "matchCriteriaId": "C397BB56-6B67-4625-BACB-47C667FB0452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*",
              "matchCriteriaId": "AA663385-DB25-4CD2-AC7D-FB501B37AFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F26126-55C2-4E2E-A586-D93FF38ABF6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\u00e9n puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 5.3 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2781",
  "lastModified": "2024-11-21T05:26:15.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:27.030",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
debian	debian_linux	10.0
opensuse	leap	15.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\u00e9n puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos de la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2020-2778",
  "lastModified": "2024-11-21T05:26:14.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:26.843",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	7.0
oracle	jdk	8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	18

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*",
              "matchCriteriaId": "AC99AA10-93C5-4B27-A991-FD29496FDF1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*",
              "matchCriteriaId": "C66D72B5-055F-45BD-AD02-C5E086AB5B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0D3169-24B4-4733-BD40-59D0BB5DAC13",
              "versionEndIncluding": "11.0.14",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D003C0-042E-4126-AEDA-F85863FEAB45",
              "versionEndIncluding": "13.0.10",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2C87EC-6234-482F-B597-962E3C52D01B",
              "versionEndIncluding": "15.0.6",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD",
              "versionEndIncluding": "17.0.2",
              "versionStartIncluding": "17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*",
              "matchCriteriaId": "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
              "matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)"
    }
  ],
  "id": "CVE-2022-21476",
  "lastModified": "2024-11-21T06:44:47.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-19T21:15:17.503",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
opensuse	leap	15.2
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u261 y 8u251; Java SE Embedded: 8u251. La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso de red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Aplica a la implementaci\u00f3n del cliente y el servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start en sandbox y applets de Java en sandbox. Tambi\u00e9n puede ser explotada mediante el suministro de datos a las API en el Componente especificado sin utilizar aplicaciones de Java Web Start en sandbox o applets de Java en sandbox, como por medio de un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2020-14579",
  "lastModified": "2024-11-21T05:03:35.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-15T18:15:23.910",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4453-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-02 15:15

Modified

2024-11-21 06:21

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1954761	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202208-31	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
secalert@redhat.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1954761	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202208-31	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
gstreamer_project	gstreamer	*
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	8

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "221254EA-BFFC-41D8-B255-9A0C5F625C6A",
              "versionEndExcluding": "1.18.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags."
    },
    {
      "lang": "es",
      "value": "GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de l\u00edmites al manejar determinadas etiquetas ID3v2"
    }
  ],
  "id": "CVE-2021-3522",
  "lastModified": "2024-11-21T06:21:45.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-02T15:15:07.857",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954761"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-31"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-10-21 15:15

Modified

2024-11-21 05:04

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-19	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201023-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4779	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.8
oracle	jdk	15
oracle	jre	1.8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	31
fedoraproject	fedora	32
fedoraproject	fedora	33
opensuse	leap	15.2
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_unified_manager_core_package	-
netapp	santricity_cloud_connector	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
netapp	hci_storage_node	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3D07DCC8-4D24-4B8F-B72E-83DC311BD683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "AAC508A2-CF8A-4037-87C8-B87E19ABC644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F90A96-7F92-4DB8-9B76-BA558FDF9BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3917541-7ACF-4033-86EC-DB54938DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update261:*:*:*:*:*:*",
              "matchCriteriaId": "240E3859-040C-4E94-806C-E40E9E2C5EA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
              "versionEndIncluding": "11.60.3",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*",
              "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Serialization).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u271, 8u261, 11.0.8 y 15;\u0026#xa0;Java SE Embedded: 8u261.\u0026#xa0;Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded.\u0026#xa0;Nota: Aplica a la implementaci\u00f3n de cliente y servidor de Java.\u0026#xa0;Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets de Java en sandbox.\u0026#xa0;Tambi\u00e9n se puede explotar proporcionando datos a las API en el Componente especificado sin utilizar aplicaciones Java Web Start en sandbox o applets de Java en sandbox,\u0026#xa0;como mediante un servicio web.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 3.7 (Impactos de la Disponibilidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2020-14779",
  "lastModified": "2024-11-21T05:04:08.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:18.217",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	java_se	7u331
oracle	java_se	8u321
oracle	java_se	11.0.14
oracle	java_se	17.0.2
oracle	java_se	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
              "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
    }
  ],
  "id": "CVE-2022-21496",
  "lastModified": "2024-11-21T06:44:50.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-19T21:15:18.497",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
mcafee	epolicy_orchestrator	5.9.0
mcafee	epolicy_orchestrator	5.9.1
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
mcafee	epolicy_orchestrator	5.10.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "221B755E-48C0-4530-AFBD-4B00CF6A696F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "27495366-B260-4F56-9BC2-9B862E7DCABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Security). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Java SE, Java SE Embedded. Nota: Se aplica a la implementaci\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\u00e9n puede ser explotada al proporcionar datos hacia las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\u00f3n Base 3.7 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2020-2773",
  "lastModified": "2024-11-21T05:26:13.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:26.547",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3575C88F-05D3-49F6-A60B-7ED902E318F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
              "matchCriteriaId": "C5988521-7571-4AE7-BD02-2C8765FC464B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
              "matchCriteriaId": "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962026D1-1E50-480F-921C-C7EE32AA0107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6489B616-476E-46AB-8795-7EFDD9074899",
              "versionEndIncluding": "11.0.13",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
              "versionEndIncluding": "13.0.9",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9DCD68-A054-456D-8A3C-15939F85DF90",
              "versionEndIncluding": "15.0.5",
              "versionStartIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
              "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
              "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
              "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
              "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
              "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
              "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
              "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
              "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
              "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
              "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
              "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
              "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
              "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
              "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
              "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
              "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
              "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
              "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7858DA-58DE-4920-B678-7800BD084EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"
    }
  ],
  "id": "CVE-2022-21293",
  "lastModified": "2024-11-21T06:44:20.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-19T12:15:12.447",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
              "matchCriteriaId": "8F257E03-5BA1-4743-983A-6C08F8572FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, com\u00fanmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Puntuaci\u00f3n Base 8.3 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2020-2805",
  "lastModified": "2024-11-21T05:26:19.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:28.437",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-04-15 14:15

Modified

2024-11-21 05:26

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4337-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202006-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200416-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4337-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.6
oracle	jdk	14.0.0
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.6
oracle	jre	14.0.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	14
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	plug-in_for_symantec_netbackup	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	30
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.1
opensuse	leap	15.2
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
              "matchCriteriaId": "E3B8B378-3211-4E63-873D-A05574B39E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
              "matchCriteriaId": "CEAD5DA3-6D7D-4127-8E58-E0ACA8A611D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "441D7EFC-92F3-4F5B-ADDB-A4BF241F546E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84457AF5-BF82-449E-8576-F34DD338BBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
              "matchCriteriaId": "8F257E03-5BA1-4743-983A-6C08F8572FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
              "matchCriteriaId": "C49049F7-8BA7-4787-8C55-CABFAB6BC0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5E08E5-823D-4F57-BA0A-603F8E680419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D95157-3487-4421-A5E3-801B987625B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8ADAA7A-7951-40D7-B1B1-78944D954209",
              "versionEndIncluding": "11.0.6",
              "versionStartIncluding": "11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA",
              "versionEndIncluding": "13.0.2",
              "versionStartIncluding": "13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
              "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
              "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
              "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
              "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
              "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
              "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
              "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
              "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
              "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
              "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
              "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
              "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
              "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
              "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
              "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
              "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
              "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
              "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
              "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
              "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
              "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
              "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
              "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
              "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
              "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
              "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
              "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
              "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
              "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
              "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
              "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
              "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
              "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
              "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
              "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
              "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
              "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
              "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
              "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
              "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
              "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
              "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
              "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
              "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
              "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
              "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
              "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
              "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
              "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
              "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
              "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
              "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
              "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
              "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
              "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
              "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
              "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
              "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
              "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
              "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
              "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
              "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
              "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
              "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
              "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
              "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
              "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
              "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
              "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
              "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
              "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
              "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
              "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
              "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
              "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
              "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
              "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
              "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
              "versionEndIncluding": "11.70.2",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
              "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Java SE, Java SE Embedded de Oracle Java SE (componente: Libraries). Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u251, 8u241, 11.0.6 y 14; Java SE Embedded: 8u241. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Java SE, Java SE Embedded, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y conf\u00edan en el sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implementaciones de Java, com\u00fanmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Puntuaci\u00f3n Base 8.3 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2020-2803",
  "lastModified": "2024-11-21T05:26:18.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:28.280",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4337-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-15 18:15

Modified

2024-11-21 05:03

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4433-1/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/4453-1/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-24	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4433-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4453-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4734	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.7
oracle	jdk	14.0.1
oracle	jre	1.8.0
fedoraproject	fedora	31
fedoraproject	fedora	32
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	leap	15.1
opensuse	leap	15.2
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	*
netapp	active_iq_unified_manager	*
netapp	cloud_backup	-
netapp	cloud_secure_agent	-
netapp	e-series_performance_analyzer	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	steelstore_cloud_integrated_storage	-
netapp	storagegrid	*
netapp	storagegrid	-