CVE-2020-14664 (GCVE-0-2020-14664)
Vulnerability from cvelistv5 – Published: 2020-07-15 17:34 – Updated: 2024-09-27 18:25
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2020071… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202209-15 | vendor-advisory, x_refsource_GENTOO |
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java | Affected: Java SE: 8u251 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:53:42.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"name": "GLSA-202209-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T17:54:50.939497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:25:29.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Java SE: 8u251"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-25T15:06:52.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"name": "GLSA-202209-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 8u251"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"name": "GLSA-202209-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-14664",
"datePublished": "2020-07-15T17:34:32.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2024-09-27T18:25:29.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-14664",
"date": "2026-06-14",
"epss": "0.01068",
"percentile": "0.78211"
}
}
}
GHSA-CFP9-CX5P-7JFP
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
{
"affected": [],
"aliases": [
"CVE-2020-14664"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-15T18:15:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"id": "GHSA-cfp9-cx5p-7jfp",
"modified": "2022-05-24T17:23:29Z",
"published": "2022-05-24T17:23:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14664"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-14664
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2020-14664",
"description": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"id": "GSD-2020-14664",
"references": [
"https://www.suse.com/security/cve/CVE-2020-14664.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14664"
],
"details": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"id": "GSD-2020-14664",
"modified": "2023-12-13T01:21:59.651974Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 8u251"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"name": "GLSA-202209-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.2",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14664"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"name": "GLSA-202209-15",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
},
"lastModifiedDate": "2022-09-28T20:29Z",
"publishedDate": "2020-07-15T18:15Z"
}
}
}
OPENSUSE-SU-2024:11119-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openjfx-11.0.12-2.2.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-11.0.12-2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-11.0.12-2.2.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-11.0.12-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "openjfx-11.0.12-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the openjfx-11.0.12-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11119",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11119-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14664 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14664/"
}
],
"title": "openjfx-11.0.12-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11119-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openjfx-11.0.12-2.2.aarch64",
"product": {
"name": "openjfx-11.0.12-2.2.aarch64",
"product_id": "openjfx-11.0.12-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "openjfx-devel-11.0.12-2.2.aarch64",
"product": {
"name": "openjfx-devel-11.0.12-2.2.aarch64",
"product_id": "openjfx-devel-11.0.12-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "openjfx-javadoc-11.0.12-2.2.aarch64",
"product": {
"name": "openjfx-javadoc-11.0.12-2.2.aarch64",
"product_id": "openjfx-javadoc-11.0.12-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "openjfx-jmods-11.0.12-2.2.aarch64",
"product": {
"name": "openjfx-jmods-11.0.12-2.2.aarch64",
"product_id": "openjfx-jmods-11.0.12-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "openjfx-src-11.0.12-2.2.aarch64",
"product": {
"name": "openjfx-src-11.0.12-2.2.aarch64",
"product_id": "openjfx-src-11.0.12-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openjfx-11.0.12-2.2.ppc64le",
"product": {
"name": "openjfx-11.0.12-2.2.ppc64le",
"product_id": "openjfx-11.0.12-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openjfx-devel-11.0.12-2.2.ppc64le",
"product": {
"name": "openjfx-devel-11.0.12-2.2.ppc64le",
"product_id": "openjfx-devel-11.0.12-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openjfx-javadoc-11.0.12-2.2.ppc64le",
"product": {
"name": "openjfx-javadoc-11.0.12-2.2.ppc64le",
"product_id": "openjfx-javadoc-11.0.12-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openjfx-jmods-11.0.12-2.2.ppc64le",
"product": {
"name": "openjfx-jmods-11.0.12-2.2.ppc64le",
"product_id": "openjfx-jmods-11.0.12-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openjfx-src-11.0.12-2.2.ppc64le",
"product": {
"name": "openjfx-src-11.0.12-2.2.ppc64le",
"product_id": "openjfx-src-11.0.12-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openjfx-11.0.12-2.2.s390x",
"product": {
"name": "openjfx-11.0.12-2.2.s390x",
"product_id": "openjfx-11.0.12-2.2.s390x"
}
},
{
"category": "product_version",
"name": "openjfx-devel-11.0.12-2.2.s390x",
"product": {
"name": "openjfx-devel-11.0.12-2.2.s390x",
"product_id": "openjfx-devel-11.0.12-2.2.s390x"
}
},
{
"category": "product_version",
"name": "openjfx-javadoc-11.0.12-2.2.s390x",
"product": {
"name": "openjfx-javadoc-11.0.12-2.2.s390x",
"product_id": "openjfx-javadoc-11.0.12-2.2.s390x"
}
},
{
"category": "product_version",
"name": "openjfx-jmods-11.0.12-2.2.s390x",
"product": {
"name": "openjfx-jmods-11.0.12-2.2.s390x",
"product_id": "openjfx-jmods-11.0.12-2.2.s390x"
}
},
{
"category": "product_version",
"name": "openjfx-src-11.0.12-2.2.s390x",
"product": {
"name": "openjfx-src-11.0.12-2.2.s390x",
"product_id": "openjfx-src-11.0.12-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openjfx-11.0.12-2.2.x86_64",
"product": {
"name": "openjfx-11.0.12-2.2.x86_64",
"product_id": "openjfx-11.0.12-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "openjfx-devel-11.0.12-2.2.x86_64",
"product": {
"name": "openjfx-devel-11.0.12-2.2.x86_64",
"product_id": "openjfx-devel-11.0.12-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "openjfx-javadoc-11.0.12-2.2.x86_64",
"product": {
"name": "openjfx-javadoc-11.0.12-2.2.x86_64",
"product_id": "openjfx-javadoc-11.0.12-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "openjfx-jmods-11.0.12-2.2.x86_64",
"product": {
"name": "openjfx-jmods-11.0.12-2.2.x86_64",
"product_id": "openjfx-jmods-11.0.12-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "openjfx-src-11.0.12-2.2.x86_64",
"product": {
"name": "openjfx-src-11.0.12-2.2.x86_64",
"product_id": "openjfx-src-11.0.12-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-11.0.12-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-11.0.12-2.2.aarch64"
},
"product_reference": "openjfx-11.0.12-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-11.0.12-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-11.0.12-2.2.ppc64le"
},
"product_reference": "openjfx-11.0.12-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-11.0.12-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-11.0.12-2.2.s390x"
},
"product_reference": "openjfx-11.0.12-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-11.0.12-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-11.0.12-2.2.x86_64"
},
"product_reference": "openjfx-11.0.12-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-devel-11.0.12-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.aarch64"
},
"product_reference": "openjfx-devel-11.0.12-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-devel-11.0.12-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.ppc64le"
},
"product_reference": "openjfx-devel-11.0.12-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-devel-11.0.12-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.s390x"
},
"product_reference": "openjfx-devel-11.0.12-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-devel-11.0.12-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.x86_64"
},
"product_reference": "openjfx-devel-11.0.12-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-javadoc-11.0.12-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.aarch64"
},
"product_reference": "openjfx-javadoc-11.0.12-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-javadoc-11.0.12-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.ppc64le"
},
"product_reference": "openjfx-javadoc-11.0.12-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-javadoc-11.0.12-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.s390x"
},
"product_reference": "openjfx-javadoc-11.0.12-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-javadoc-11.0.12-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.x86_64"
},
"product_reference": "openjfx-javadoc-11.0.12-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-jmods-11.0.12-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.aarch64"
},
"product_reference": "openjfx-jmods-11.0.12-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-jmods-11.0.12-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.ppc64le"
},
"product_reference": "openjfx-jmods-11.0.12-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-jmods-11.0.12-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.s390x"
},
"product_reference": "openjfx-jmods-11.0.12-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-jmods-11.0.12-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.x86_64"
},
"product_reference": "openjfx-jmods-11.0.12-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-src-11.0.12-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.aarch64"
},
"product_reference": "openjfx-src-11.0.12-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-src-11.0.12-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.ppc64le"
},
"product_reference": "openjfx-src-11.0.12-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-src-11.0.12-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.s390x"
},
"product_reference": "openjfx-src-11.0.12-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openjfx-src-11.0.12-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.x86_64"
},
"product_reference": "openjfx-src-11.0.12-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14664"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14664",
"url": "https://www.suse.com/security/cve/CVE-2020-14664"
},
{
"category": "external",
"summary": "SUSE Bug 1174157 for CVE-2020-14664",
"url": "https://bugzilla.suse.com/1174157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-devel-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-javadoc-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-jmods-11.0.12-2.2.x86_64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.aarch64",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.ppc64le",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.s390x",
"openSUSE Tumbleweed:openjfx-src-11.0.12-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14664"
}
]
}
WID-SEC-W-2022-1522
Vulnerability from csaf_certbund - Published: 2020-07-14 22:00 - Updated: 2025-05-13 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Avaya Aura Experience Portal (Avaya) | cpe:/a:avaya:aura_experience_portal:- | — | |
| Avaya Aura System Manager (Avaya) | cpe:/a:avaya:aura_system_manager:- | — | |
| Red Hat Enterprise Linux (Red Hat) | cpe:/o:redhat:enterprise_linux:- | — | |
| Avaya Aura Application Enablement Services (Avaya) | cpe:/a:avaya:aura_application_enablement_services:- | — | |
| Oracle Java SE (Oracle) | cpe:/a:oracle:java_se:- | — | |
| Hitachi Network Attached Storage (Hitachi) | cpe:/h:hitachi:virtual_storage_platform:- | — | |
| Avaya Aura Session Manager (Avaya) | cpe:/a:avaya:session_manager:- | — | |
| Avaya Aura Communication Manager (Avaya) | cpe:/a:avaya:communication_manager:- | — | |
| Gentoo Linux (Gentoo) | cpe:/o:gentoo:linux:- | — | |
| Avaya Web License Manager (Avaya) | cpe:/a:avaya:web_license_manager:- | — | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| HCL AppScan Enterprise (HCL) | cpe:/a:hcltech:appscan_enterprise:- | — | |
| Amazon Corretto (Amazon / Corretto) | cpe:/a:amazon:corretto:- | — | |
| Avaya one-X (Avaya) | cpe:/a:avaya:one-x:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| Avaya CMS (Avaya) | cpe:/a:avaya:call_management_system_server:- | — | |
| F5 BIG-IP (F5) | cpe:/a:f5:big-ip:- | — | |
| Amazon Corretto <8.442.06.1 (Amazon / Corretto) | | <8.442.06.1 | |
| Amazon Corretto <11.0.26.4.1 (Amazon / Corretto) | | <11.0.26.4.1 | |
| Open Source CentOS (Open Source) | cpe:/o:centos:centos:- | — | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- F5 Networks\n- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1522 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1522.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1522 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1522"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2020 vom 2020-07-14",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2970 vom 2020-07-16",
"url": "https://access.redhat.com/errata/RHSA-2020:2970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2968 vom 2020-07-16",
"url": "https://access.redhat.com/errata/RHSA-2020:2968"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2969 vom 2020-07-16",
"url": "https://access.redhat.com/errata/RHSA-2020:2969"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2972 vom 2020-07-16",
"url": "https://access.redhat.com/errata/RHSA-2020:2972"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2985 vom 2020-07-16",
"url": "https://access.redhat.com/errata/RHSA-2020:2985"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2020-508DF53719 vom 2020-07-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-508df53719"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3100 vom 2020-07-22",
"url": "https://access.redhat.com/errata/RHSA-2020:3100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3099 vom 2020-07-22",
"url": "https://access.redhat.com/errata/RHSA-2020:3099"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3098 vom 2020-07-22",
"url": "https://access.redhat.com/errata/RHSA-2020:3098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3101 vom 2020-07-22",
"url": "https://access.redhat.com/errata/RHSA-2020:3101"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2008-1 vom 2020-07-22",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007170.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4433-1 vom 2020-07-23",
"url": "https://usn.ubuntu.com/4433-1/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4734 vom 2020-07-28",
"url": "https://www.debian.org/security/2020/dsa-4734"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2020-122 vom 2020-07-31",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-122/index.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4453-1 vom 2020-08-05",
"url": "https://usn.ubuntu.com/4453-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2143-1 vom 2020-08-06",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007229.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:2968 vom 2020-08-07",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2968-Important-CentOS-7-java-1-8-0-openjdk-Security-Update-tp4645994.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:2969 vom 2020-08-07",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2969-Important-CentOS-7-java-11-openjdk-Security-Update-tp4645993.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2020:2985 vom 2020-08-07",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2985-Important-CentOS-6-java-1-8-0-openjdk-Security-Update-tp4645995.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3387 vom 2020-08-10",
"url": "https://access.redhat.com/errata/RHSA-2020:3387"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3386 vom 2020-08-10",
"url": "https://access.redhat.com/errata/RHSA-2020:3386"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3388 vom 2020-08-10",
"url": "https://access.redhat.com/errata/RHSA-2020:3388"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2325 vom 2020-08-13",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00021.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2020-098 vom 2020-08-14",
"url": "https://downloads.avaya.com/css/P8/documents/101070224"
},
{
"category": "external",
"summary": "Gentoo Security Advisory GLSA-202008-24 vom 2020-08-29",
"url": "https://security.gentoo.org/glsa/202008-24"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2453-1 vom 2020-09-02",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007336.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:14482-1 vom 2020-09-02",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007339.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2461-1 vom 2020-09-02",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007338.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:14484-1 vom 2020-09-03",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007342.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2482-1 vom 2020-09-03",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007347.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2020-099 vom 2020-09-18",
"url": "https://downloads.avaya.com/css/P8/documents/101070739"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2861-1 vom 2020-10-05",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007522.html"
},
{
"category": "external",
"summary": "McAfee Security Bulletin SB10332 vom 2020-10-15",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
},
{
"category": "external",
"summary": "HCL Article KB0084265 vom 2020-10-14",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084265"
},
{
"category": "external",
"summary": "F5 Knowledge-Base K85742355 vom 2020-10-22",
"url": "https://support.f5.com/csp/article/K85742355"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2020-094 vom 2020-10-25",
"url": "https://downloads.avaya.com/css/P8/documents/101071803"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3191-1 vom 2020-11-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007713.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:3460-1 vom 2020-11-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007829.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:5585 vom 2020-12-16",
"url": "https://access.redhat.com/errata/RHSA-2020:5585"
},
{
"category": "external",
"summary": "HCL Article KB0092293 vom 2021-08-12",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0092293"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202209-15 vom 2022-09-25",
"url": "https://security.gentoo.org/glsa/202209-15"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-26 vom 2024-09-28",
"url": "https://security.gentoo.org/glsa/202409-26"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 8 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-8/blob/14eb6b297ac476ca5734706b40903e5a69ecd74a/CHANGELOG.md"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 11 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-11/blob/ece67a968d57210c69d3b9153576613846c1cacf/CHANGELOG.md"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASCORRETTO8-2025-019 vom 2025-05-14",
"url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2025-019.html"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-13T22:00:00.000+00:00",
"generator": {
"date": "2025-05-14T06:59:19.338+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1522",
"initial_release_date": "2020-07-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-07-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-07-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2020-07-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2020-07-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-07-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-07-30T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2020-08-05T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-08-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-08-09T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2020-08-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-08-12T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-08-13T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2020-08-30T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von GENTOO aufgenommen"
},
{
"date": "2020-09-02T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-09-03T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-09-17T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2020-10-05T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-10-14T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von McAfee und HCL aufgenommen"
},
{
"date": "2020-10-22T22:00:00.000+00:00",
"number": "21",
"summary": "F5 als betroffenes Produkt aufgenommen, derzeit kein Patch von F5 verf\u00fcgbar"
},
{
"date": "2020-10-25T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2020-11-05T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-11-22T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-12-16T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-11T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-09-25T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Corretto",
"product": {
"name": "Amazon Corretto",
"product_id": "T023017",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.26.4.1",
"product": {
"name": "Amazon Corretto \u003c11.0.26.4.1",
"product_id": "T040500"
}
},
{
"category": "product_version",
"name": "11.0.26.4.1",
"product": {
"name": "Amazon Corretto 11.0.26.4.1",
"product_id": "T040500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.26.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.442.06.1",
"product": {
"name": "Amazon Corretto \u003c8.442.06.1",
"product_id": "T040501"
}
},
{
"category": "product_version",
"name": "8.442.06.1",
"product": {
"name": "Amazon Corretto 8.442.06.1",
"product_id": "T040501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.442.06.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya CMS",
"product": {
"name": "Avaya CMS",
"product_id": "997",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:call_management_system_server:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Web License Manager",
"product": {
"name": "Avaya Web License Manager",
"product_id": "T016243",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:web_license_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya one-X",
"product": {
"name": "Avaya one-X",
"product_id": "1024",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:one-x:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL AppScan Enterprise",
"product": {
"name": "HCL AppScan Enterprise",
"product_id": "T020129",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:appscan_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Network Attached Storage",
"product": {
"name": "Hitachi Network Attached Storage",
"product_id": "T011055",
"product_identification_helper": {
"cpe": "cpe:/h:hitachi:virtual_storage_platform:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Java SE",
"product": {
"name": "Oracle Java SE",
"product_id": "T009724",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14573",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14573"
},
{
"cve": "CVE-2020-14577",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14577"
},
{
"cve": "CVE-2020-14578",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14578"
},
{
"cve": "CVE-2020-14579",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14579"
},
{
"cve": "CVE-2020-14581",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14581"
},
{
"cve": "CVE-2020-14583",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14583"
},
{
"cve": "CVE-2020-14593",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14593"
},
{
"cve": "CVE-2020-14621",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14621"
},
{
"cve": "CVE-2020-14664",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14664"
},
{
"cve": "CVE-2020-14556",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14556"
},
{
"cve": "CVE-2020-14562",
"product_status": {
"known_affected": [
"T015519",
"T015518",
"67646",
"T015516",
"T009724",
"T011055",
"T015127",
"T015126",
"T012167",
"T016243",
"2951",
"T002207",
"T020129",
"T023017",
"1024",
"T000126",
"997",
"T001663",
"T040501",
"T040500",
"1727"
]
},
"release_date": "2020-07-14T22:00:00.000+00:00",
"title": "CVE-2020-14562"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.