CVE-2020-14556

Published Jul 15, 2020
Last updated 16 days ago
CVSS medium 4.8
Overview

Description: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Source: secalert_us@oracle.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.8
Impact score: 2.5
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C4DAA76-EAA9-4C85-A92A-181EA49F3270"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19FC2907-1712-4E81-AC35-E3A15BF27606"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35FA24D1-8BDA-4DD4-A74C-C041C44A1455"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "790FD30A-CE27-4A1E-A753-BE0A6B17B262"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F46E15B6-86D8-4B16-B3E9-B1CAAA354E7F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:11.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3D66586-1585-42B2-8734-40FE8C7E5597"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:14.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3794CCBE-8A61-44F0-99FC-E7C0773A8744"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
            "versionStartIncluding": "7.3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3",
            "versionStartIncluding": "9.5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
            "versionEndIncluding": "11.70.2",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
            "versionEndIncluding": "9.0.4",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
