cve-2020-2767
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:40
Severity ?
4.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS score ?
0.50% (0.63309)
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20200416-0004/Third Party Advisory
secalert_us@oracle.comhttps://usn.ubuntu.com/4337-1/Third Party Advisory
secalert_us@oracle.comhttps://www.debian.org/security/2020/dsa-4662Third Party Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200416-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4337-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4662Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
Impacted products
Vendor Product Version
Oracle Corporation Java Version: Java SE: 11.0.6, 14
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:17:02.632Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200416-0004/",
               },
               {
                  name: "DSA-4662",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4662",
               },
               {
                  name: "USN-4337-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4337-1/",
               },
               {
                  name: "openSUSE-SU-2020:0757",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-2767",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-30T14:59:51.390149Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-30T15:40:08.657Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Java SE: 11.0.6, 14",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-02T14:06:17",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200416-0004/",
            },
            {
               name: "DSA-4662",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4662",
            },
            {
               name: "USN-4337-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4337-1/",
            },
            {
               name: "openSUSE-SU-2020:0757",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2020-2767",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Java SE: 11.0.6, 14",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "4.8",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200416-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200416-0004/",
                  },
                  {
                     name: "DSA-4662",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4662",
                  },
                  {
                     name: "USN-4337-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4337-1/",
                  },
                  {
                     name: "openSUSE-SU-2020:0757",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2020-2767",
      datePublished: "2020-04-15T13:29:45",
      dateReserved: "2019-12-10T00:00:00",
      dateUpdated: "2024-09-30T15:40:08.657Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"441D7EFC-92F3-4F5B-ADDB-A4BF241F546E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84457AF5-BF82-449E-8576-F34DD338BBE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E5E08E5-823D-4F57-BA0A-603F8E680419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89D95157-3487-4421-A5E3-801B987625B5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11\", \"versionEndIncluding\": \"11.0.6\", \"matchCriteriaId\": \"A8ADAA7A-7951-40D7-B1B1-78944D954209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13\", \"versionEndIncluding\": \"13.0.2\", \"matchCriteriaId\": \"ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"02011EDC-20A7-4A16-A592-7C76E0037997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC6D4652-1226-4C60-BEDF-01EBF8AC0849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1F9ED7-7D93-41F4-9130-15BA734420AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CF9CDF1-95D3-4125-A73F-396D2280FC4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*\", \"matchCriteriaId\": \"A13266DC-F8D9-4F30-987F-65BBEAF8D3A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*\", \"matchCriteriaId\": \"C28388AB-CFC9-4749-A90F-383F5B905EA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA1B00F9-A81C-48B7-8DAA-F394DDF323F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA7AD457-6CE6-4925-8D94-A907B40233D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*\", \"matchCriteriaId\": \"5480E5AD-DB46-474A-9B57-84ED088A75FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"881A4AE9-6012-4E91-98BE-0A352CC20703\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E1079-57D9-473B-A017-964F4745F329\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D6446E-2915-4F12-87BE-E7420BC2626E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*\", \"matchCriteriaId\": \"564EDCE3-16E6-401D-8A43-032D1F8875E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*\", \"matchCriteriaId\": \"08278802-D31B-488A-BA6A-EBC816DF883A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*\", \"matchCriteriaId\": \"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BBB0969-565E-43E2-B067-A10AAA5F1958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*\", \"matchCriteriaId\": \"D78BE95D-6270-469A-8035-FCDDB398F952\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C24F40-3150-4584-93D9-8307DE04EEE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*\", \"matchCriteriaId\": \"19626B36-62FC-4497-A2E1-7D6CD9839B19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*\", \"matchCriteriaId\": \"5713AEBD-35F6-44E8-A0CC-A42830D7AE20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BE0C04B-440E-4B35-ACC8-6264514F764C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*\", \"matchCriteriaId\": \"555EC2A6-0475-48ED-AE0C-B306714A9333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C242D3BE-9114-4A9E-BB78-45754C7CC450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D61068FE-18EE-4ADB-BC69-A3ECE8724575\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFB59E80-4EC4-4399-BF40-6733E4E475A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*\", \"matchCriteriaId\": \"84E31265-22E1-4E91-BFCB-D2AFF445926A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*\", \"matchCriteriaId\": \"50319E52-8739-47C5-B61E-3CA9B6A9A48F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED515B9-DC74-4DC5-B98A-08D87D85E11E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1D4868-1F9F-43F7-968C-6469B67D3F1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*\", \"matchCriteriaId\": \"568F1AC4-B0D7-4438-82E5-0E61500F2240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E9133E-9FF3-40DB-9A11-7469EF5FD265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*\", \"matchCriteriaId\": \"94834710-3FA9-49D9-8600-B514CBCA4270\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*\", \"matchCriteriaId\": \"4228D9E1-7D82-4B49-9669-9CDAD7187432\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6231F48-2936-4F7D-96D5-4BA11F78EBE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*\", \"matchCriteriaId\": \"D96D5061-4A81-497E-9AD6-A8381B3B454C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*\", \"matchCriteriaId\": \"5345C21E-A01B-43B9-9A20-F2783D921C60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*\", \"matchCriteriaId\": \"B219F360-83BD-4111-AB59-C9D4F55AF4C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"D25377EA-8E8F-4C76-8EA9-3BBDFB352815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FEFE05-269A-4EAF-A80F-E4C2107B1197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7E2AA7C-F602-4DB7-9EC1-0708C46C253C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB70E154-A304-429E-80F5-8D87B00E32D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"70892D06-6E75-4425-BBF0-4B684EC62A1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*\", \"matchCriteriaId\": \"18DCFF53-B298-4534-AB5C-8A5EF59C616F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*\", \"matchCriteriaId\": \"083419F8-FDDF-4E36-88F8-857DB317C1D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7A74F65-57E8-4C9A-BA96-5EF401504F13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*\", \"matchCriteriaId\": \"07812576-3C35-404C-A7D7-9BE9E3D76E00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C52B1C-5447-4282-9667-9EBE0720B423\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BB9EB0-0C12-4E77-89EE-FB77097841B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC0E7BB-F8B7-4369-9910-71240E4073A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*\", \"matchCriteriaId\": \"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AE30779-48FB-451E-8CE1-F469F93B8772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*\", \"matchCriteriaId\": \"60590FDE-7156-4314-A012-AA38BD2ADDC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*\", \"matchCriteriaId\": \"F24F6122-2256-41B6-9033-794C6424ED99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EAFA79E-8C7A-48CF-8868-11378FE4B26F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1D6F19F-59B5-4BB6-AD35-013384025970\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7BA97BC-3ADA-465A-835B-6C3C5F416B56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*\", \"matchCriteriaId\": \"B71F77A4-B7EB-47A1-AAFD-431A7D040B86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*\", \"matchCriteriaId\": \"91D6BEA9-5943-44A4-946D-CEAA9BA99376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*\", \"matchCriteriaId\": \"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CB74086-14B8-4237-8357-E0C6B5BB8313\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C2B9C9-1177-4DA6-96CE-55F37F383F99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*\", \"matchCriteriaId\": \"12A3F367-33AD-47C3-BFDC-871A17E72C94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*\", \"matchCriteriaId\": \"78261932-7373-4F16-91E0-1A72ADBEBC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*\", \"matchCriteriaId\": \"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8483034-DD5A-445D-892F-CDE90A7D58EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*\", \"matchCriteriaId\": \"8279718F-878F-4868-8859-1728D13CD0D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C024E1A-FD2C-42E8-B227-C2AFD3040436\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F24389D-DDD0-4204-AA24-31C920A4F47E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*\", \"matchCriteriaId\": \"966979BE-1F21-4729-B6B8-610F74648344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8534265-33BF-460D-BF74-5F55FDE50F29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*\", \"matchCriteriaId\": \"F77AFC25-1466-4E56-9D5F-6988F3288E16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*\", \"matchCriteriaId\": \"A650BEB8-E56F-4E42-9361-8D2DB083F0F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*\", \"matchCriteriaId\": \"799FFECD-E80A-44B3-953D-CDB5E195F3AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7047507-7CAF-4A14-AA9A-5CEF806EDE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC7B179-95D3-4F94-84F6-73F1034A1AF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FB28526-9385-44CA-AF08-1899E6C3AE4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*\", \"matchCriteriaId\": \"E26B69E4-0B43-415F-A82B-52FDCB262B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"27BC4150-70EC-462B-8FC5-20B3442CBB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*\", \"matchCriteriaId\": \"02646989-ECD9-40AE-A83E-EFF4080C69B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B8DB06-590A-4008-B0AB-FCD1401C77C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.70.2\", \"matchCriteriaId\": \"8C5DA53D-744B-4087-AEA9-257F18949E4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\", \"matchCriteriaId\": \"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A372B177-F740-4655-865C-31777A6E140B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\", \"matchCriteriaId\": \"64DE38C8-94F1-4860-B045-F33928F676A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*\", \"matchCriteriaId\": \"25BBBC1A-228F-45A6-AE95-DB915EDF84BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndIncluding\": \"9.0.4\", \"matchCriteriaId\": \"D239B58A-9386-443D-B579-B56AE2A500BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\\u00e1n afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad dif\\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con \\u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, as\\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementaci\\u00f3n de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. Tambi\\u00e9n puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuaci\\u00f3n Base 4.8 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}]",
         id: "CVE-2020-2767",
         lastModified: "2024-11-21T05:26:12.807",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 2.5}], \"cvssMetricV30\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2020-04-15T14:15:26.187",
         references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4337-1/\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4662\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4337-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4662\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
         sourceIdentifier: "secalert_us@oracle.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2020-2767\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2020-04-15T14:15:26.187\",\"lastModified\":\"2024-11-21T05:26:12.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Java SE de Oracle Java SE (componente: JSSE). Las versiones compatibles que están afectadas son Java SE: 11.0.6 y 14. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Java SE. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Java SE, así como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada por medio de aplicaciones Java Web Start dentro del sandbox y applets de Java dentro del sandbox. También puede ser explotada al proporcionar datos a las API en el Componente especificado sin usar aplicaciones de Java Web Start dentro del sandbox o applets de Java dentro del sandbox, tal y como por medio de un servicio web. CVSS 3.0 Puntuación Base 4.8 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}],\"cvssMetricV30\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"441D7EFC-92F3-4F5B-ADDB-A4BF241F546E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84457AF5-BF82-449E-8576-F34DD338BBE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E5E08E5-823D-4F57-BA0A-603F8E680419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D95157-3487-4421-A5E3-801B987625B5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11\",\"versionEndIncluding\":\"11.0.6\",\"matchCriteriaId\":\"A8ADAA7A-7951-40D7-B1B1-78944D954209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13\",\"versionEndIncluding\":\"13.0.2\",\"matchCriteriaId\":\"ECA4E3C8-0E29-47F3-8FE6-5EB7AB469AAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"02011EDC-20A7-4A16-A592-7C76E0037997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC6D4652-1226-4C60-BEDF-01EBF8AC0849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1F9ED7-7D93-41F4-9130-15BA734420AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF9CDF1-95D3-4125-A73F-396D2280FC4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*\",\"matchCriteriaId\":\"A13266DC-F8D9-4F30-987F-65BBEAF8D3A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"C28388AB-CFC9-4749-A90F-383F5B905EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA1B00F9-A81C-48B7-8DAA-F394DDF323F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA7AD457-6CE6-4925-8D94-A907B40233D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"5480E5AD-DB46-474A-9B57-84ED088A75FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"881A4AE9-6012-4E91-98BE-0A352CC20703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E1079-57D9-473B-A017-964F4745F329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D6446E-2915-4F12-87BE-E7420BC2626E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*\",\"matchCriteriaId\":\"564EDCE3-16E6-401D-8A43-032D1F8875E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*\",\"matchCriteriaId\":\"08278802-D31B-488A-BA6A-EBC816DF883A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*\",\"matchCriteriaId\":\"72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BBB0969-565E-43E2-B067-A10AAA5F1958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78BE95D-6270-469A-8035-FCDDB398F952\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C24F40-3150-4584-93D9-8307DE04EEE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*\",\"matchCriteriaId\":\"19626B36-62FC-4497-A2E1-7D6CD9839B19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*\",\"matchCriteriaId\":\"5713AEBD-35F6-44E8-A0CC-A42830D7AE20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BE0C04B-440E-4B35-ACC8-6264514F764C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"555EC2A6-0475-48ED-AE0C-B306714A9333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C242D3BE-9114-4A9E-BB78-45754C7CC450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D61068FE-18EE-4ADB-BC69-A3ECE8724575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB59E80-4EC4-4399-BF40-6733E4E475A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E31265-22E1-4E91-BFCB-D2AFF445926A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"50319E52-8739-47C5-B61E-3CA9B6A9A48F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED515B9-DC74-4DC5-B98A-08D87D85E11E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1D4868-1F9F-43F7-968C-6469B67D3F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"568F1AC4-B0D7-4438-82E5-0E61500F2240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*\",\"matchCriteriaId\":\"14E9133E-9FF3-40DB-9A11-7469EF5FD265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"94834710-3FA9-49D9-8600-B514CBCA4270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*\",\"matchCriteriaId\":\"4228D9E1-7D82-4B49-9669-9CDAD7187432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6231F48-2936-4F7D-96D5-4BA11F78EBE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*\",\"matchCriteriaId\":\"D96D5061-4A81-497E-9AD6-A8381B3B454C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*\",\"matchCriteriaId\":\"5345C21E-A01B-43B9-9A20-F2783D921C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B219F360-83BD-4111-AB59-C9D4F55AF4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25377EA-8E8F-4C76-8EA9-3BBDFB352815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FEFE05-269A-4EAF-A80F-E4C2107B1197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E2AA7C-F602-4DB7-9EC1-0708C46C253C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB70E154-A304-429E-80F5-8D87B00E32D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"70892D06-6E75-4425-BBF0-4B684EC62A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DCFF53-B298-4534-AB5C-8A5EF59C616F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*\",\"matchCriteriaId\":\"083419F8-FDDF-4E36-88F8-857DB317C1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A74F65-57E8-4C9A-BA96-5EF401504F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*\",\"matchCriteriaId\":\"07812576-3C35-404C-A7D7-9BE9E3D76E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C52B1C-5447-4282-9667-9EBE0720B423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BB9EB0-0C12-4E77-89EE-FB77097841B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC0E7BB-F8B7-4369-9910-71240E4073A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*\",\"matchCriteriaId\":\"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE30779-48FB-451E-8CE1-F469F93B8772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*\",\"matchCriteriaId\":\"60590FDE-7156-4314-A012-AA38BD2ADDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*\",\"matchCriteriaId\":\"F24F6122-2256-41B6-9033-794C6424ED99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAFA79E-8C7A-48CF-8868-11378FE4B26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1D6F19F-59B5-4BB6-AD35-013384025970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BA97BC-3ADA-465A-835B-6C3C5F416B56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71F77A4-B7EB-47A1-AAFD-431A7D040B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*\",\"matchCriteriaId\":\"91D6BEA9-5943-44A4-946D-CEAA9BA99376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*\",\"matchCriteriaId\":\"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CB74086-14B8-4237-8357-E0C6B5BB8313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C2B9C9-1177-4DA6-96CE-55F37F383F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A3F367-33AD-47C3-BFDC-871A17E72C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*\",\"matchCriteriaId\":\"78261932-7373-4F16-91E0-1A72ADBEBC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8483034-DD5A-445D-892F-CDE90A7D58EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"8279718F-878F-4868-8859-1728D13CD0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C024E1A-FD2C-42E8-B227-C2AFD3040436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F24389D-DDD0-4204-AA24-31C920A4F47E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"966979BE-1F21-4729-B6B8-610F74648344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8534265-33BF-460D-BF74-5F55FDE50F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*\",\"matchCriteriaId\":\"F77AFC25-1466-4E56-9D5F-6988F3288E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*\",\"matchCriteriaId\":\"A650BEB8-E56F-4E42-9361-8D2DB083F0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*\",\"matchCriteriaId\":\"799FFECD-E80A-44B3-953D-CDB5E195F3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7047507-7CAF-4A14-AA9A-5CEF806EDE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC7B179-95D3-4F94-84F6-73F1034A1AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB28526-9385-44CA-AF08-1899E6C3AE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*\",\"matchCriteriaId\":\"E26B69E4-0B43-415F-A82B-52FDCB262B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"27BC4150-70EC-462B-8FC5-20B3442CBB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*\",\"matchCriteriaId\":\"02646989-ECD9-40AE-A83E-EFF4080C69B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B8DB06-590A-4008-B0AB-FCD1401C77C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.70.2\",\"matchCriteriaId\":\"8C5DA53D-744B-4087-AEA9-257F18949E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\",\"matchCriteriaId\":\"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A372B177-F740-4655-865C-31777A6E140B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"25BBBC1A-228F-45A6-AE95-DB915EDF84BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.4\",\"matchCriteriaId\":\"D239B58A-9386-443D-B579-B56AE2A500BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200416-0004/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4337-1/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4662\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200416-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4337-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4662\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4662\", \"name\": \"DSA-4662\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4337-1/\", \"name\": \"USN-4337-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\", \"name\": \"openSUSE-SU-2020:0757\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:17:02.632Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-2767\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-30T14:59:51.390149Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-30T15:00:29.872Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java SE: 11.0.6, 14\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4662\", \"name\": \"DSA-4662\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://usn.ubuntu.com/4337-1/\", \"name\": \"USN-4337-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\", \"name\": \"openSUSE-SU-2020:0757\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2020-06-02T14:06:17\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"4.8\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Java SE: 11.0.6, 14\", \"version_affected\": \"=\"}]}, \"product_name\": \"Java\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200416-0004/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4662\", \"name\": \"DSA-4662\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://usn.ubuntu.com/4337-1/\", \"name\": \"USN-4337-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html\", \"name\": \"openSUSE-SU-2020:0757\", \"refsource\": \"SUSE\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE accessible data as well as  unauthorized read access to a subset of Java SE accessible data.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-2767\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
         cveMetadata: "{\"cveId\": \"CVE-2020-2767\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-30T15:40:08.657Z\", \"dateReserved\": \"2019-12-10T00:00:00\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2020-04-15T13:29:45\", \"assignerShortName\": \"oracle\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.