CVE-2020-2604
Published Jan 15, 2020
Last updated 2 years ago
Overview
- Description
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-502
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_experience_manager:11.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4BBE71A-CEE7-4319-9E7F-6D52E9905C7E"
},
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B257954-6EF3-4CBF-A8A7-699F70F98153"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update241:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01981FC7-F8D7-4268-9FF8-2F5968A8ECC9"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89175649-A3CE-4A15-B875-C93D289F8307"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:13.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "665B33FE-52FE-4E17-8A80-D61656C49900"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41909CBE-B056-4E00-AE21-670AA518E1B9",
"versionEndIncluding": "11.0.5",
"versionStartIncluding": "11"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43C96E91-EF8B-4A0E-A9A2-3525A8DD463E",
"versionEndIncluding": "13.0.1",
"versionStartIncluding": "13"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3"
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
"vulnerable": true,
"matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFA6AD29-34C2-4FEC-9585-C42C6615C6CC",
"versionEndIncluding": "11.60.1",
"versionStartIncluding": "11.0.0"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B"
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
}
],
"operator": "OR"
}
]
}
]