CVE-2020-2590

Published Jan 15, 2020
Last updated 4 years ago
CVSS low 3.7
Overview

Description: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Source: secalert_us@oracle.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: LOW
CVSS 3.0

Type: Secondary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: LOW
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_241:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "405536FF-8BB9-4926-97E3-61BAA3A75E08"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_231:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52496989-B639-4E8E-8319-D5D9FE5B30DB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:11.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FB7666-E40E-45A6-9F87-A51B9D7E8EBB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:13.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BF92693-510C-48A4-ABFC-AD975DB971CF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC88059E-CCFD-4AFD-9982-41DF225FB840"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "465CFA59-8E94-415A-ACF0-E678826813BE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85BDC28A-484B-4D14-8D68-890450DCE3F6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "635DEFDD-4840-48C6-AB1C-ADAFF4A1E50C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40A221DB-1684-4C87-B576-0969FE13E1AA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE6A1B86-3688-4A13-AB37-DBD0DA323202"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17E0085B-4748-4F79-BEF6-CD9C3D2E6FE1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD3A4AFB-8D76-4B16-A306-2A10F23E51EA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1704C904-6E0A-4972-BC94-326D8BC6315A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
            "versionStartIncluding": "7.3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
            "versionStartIncluding": "9.5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3275348E-0FAF-4DC1-94A6-B53014659D49"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
            "versionEndIncluding": "11.60.3",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
