CVE-2020-14621

Published Jul 15, 2020

Last updated a year ago

CVSS medium 5.3

Overview

Description: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Source: secalert_us@oracle.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9F6C698-54CB-4CBE-BBC9-2A059D419BAC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF39F7B1-6571-4BF6-A58F-4A6801636217"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0D065C-C4AB-4558-86C3-9A89C9CADBF0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D034E25-195A-4926-9FEC-A2B9F01E0CFC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2DD43D4-AF2E-41DF-90C0-F899C624430E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
          },
          {
            "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
            "versionEndIncluding": "11.70.2",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References