CVE-2020-14792

EPSS 0.16%
Published 21.10.2020 15:15:19
Last modified 27.05.2025 16:40:24
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

Affected products Warnungen 0 Metrics 3 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Openjdk Version7 Update-

Oracle ≫ Openjdk Version7 Updateupdate1

Oracle ≫ Openjdk Version7 Updateupdate10

Oracle ≫ Openjdk Version7 Updateupdate101

Oracle ≫ Openjdk Version7 Updateupdate11

Oracle ≫ Openjdk Version7 Updateupdate111

Oracle ≫ Openjdk Version7 Updateupdate121

Oracle ≫ Openjdk Version7 Updateupdate13

Oracle ≫ Openjdk Version7 Updateupdate131

Oracle ≫ Openjdk Version7 Updateupdate141

Oracle ≫ Openjdk Version7 Updateupdate15

Oracle ≫ Openjdk Version7 Updateupdate151

Oracle ≫ Openjdk Version7 Updateupdate161

Oracle ≫ Openjdk Version7 Updateupdate17

Oracle ≫ Openjdk Version7 Updateupdate171

Oracle ≫ Openjdk Version7 Updateupdate181

Oracle ≫ Openjdk Version7 Updateupdate191

Oracle ≫ Openjdk Version7 Updateupdate2

Oracle ≫ Openjdk Version7 Updateupdate201

Oracle ≫ Openjdk Version7 Updateupdate21

Oracle ≫ Openjdk Version7 Updateupdate211

Oracle ≫ Openjdk Version7 Updateupdate221

Oracle ≫ Openjdk Version7 Updateupdate231

Oracle ≫ Openjdk Version7 Updateupdate241

Oracle ≫ Openjdk Version7 Updateupdate25

Oracle ≫ Openjdk Version7 Updateupdate251

Oracle ≫ Openjdk Version7 Updateupdate261

Oracle ≫ Openjdk Version7 Updateupdate271

Oracle ≫ Openjdk Version8 Update-

Oracle ≫ Openjdk Version8 Updatemilestone1

Oracle ≫ Openjdk Version8 Updatemilestone2

Oracle ≫ Openjdk Version8 Updatemilestone3

Oracle ≫ Openjdk Version8 Updatemilestone4

Oracle ≫ Openjdk Version8 Updatemilestone5

Oracle ≫ Openjdk Version8 Updatemilestone6

Oracle ≫ Openjdk Version8 Updatemilestone7

Oracle ≫ Openjdk Version8 Updatemilestone8

Oracle ≫ Openjdk Version8 Updatemilestone9

Oracle ≫ Openjdk Version8 Updateupdate101

Oracle ≫ Openjdk Version8 Updateupdate102

Oracle ≫ Openjdk Version8 Updateupdate11

Oracle ≫ Openjdk Version8 Updateupdate111

Oracle ≫ Openjdk Version8 Updateupdate112

Oracle ≫ Openjdk Version8 Updateupdate121

Oracle ≫ Openjdk Version8 Updateupdate131

Oracle ≫ Openjdk Version8 Updateupdate141

Oracle ≫ Openjdk Version8 Updateupdate151

Oracle ≫ Openjdk Version8 Updateupdate152

Oracle ≫ Openjdk Version8 Updateupdate161

Oracle ≫ Openjdk Version8 Updateupdate162

Oracle ≫ Openjdk Version8 Updateupdate171

Oracle ≫ Openjdk Version8 Updateupdate172

Oracle ≫ Openjdk Version8 Updateupdate181

Oracle ≫ Openjdk Version8 Updateupdate191

Oracle ≫ Openjdk Version8 Updateupdate192

Oracle ≫ Openjdk Version8 Updateupdate20

Oracle ≫ Openjdk Version8 Updateupdate201

Oracle ≫ Openjdk Version8 Updateupdate202

Oracle ≫ Openjdk Version8 Updateupdate211

Oracle ≫ Openjdk Version8 Updateupdate212

Oracle ≫ Openjdk Version8 Updateupdate221

Oracle ≫ Openjdk Version8 Updateupdate222

Oracle ≫ Openjdk Version8 Updateupdate231

Oracle ≫ Openjdk Version8 Updateupdate232

Oracle ≫ Openjdk Version8 Updateupdate241

Oracle ≫ Openjdk Version8 Updateupdate242

Oracle ≫ Openjdk Version8 Updateupdate25

Oracle ≫ Openjdk Version8 Updateupdate252

Oracle ≫ Openjdk Version8 Updateupdate262

Oracle ≫ Openjdk Version11

Oracle ≫ Openjdk Version11.0.1

Oracle ≫ Openjdk Version11.0.2

Oracle ≫ Openjdk Version11.0.3

Oracle ≫ Openjdk Version11.0.4

Oracle ≫ Openjdk Version11.0.5

Oracle ≫ Openjdk Version11.0.6

Oracle ≫ Openjdk Version11.0.7

Oracle ≫ Openjdk Version11.0.8

Oracle ≫ Openjdk Version13

Oracle ≫ Openjdk Version13.0.1

Oracle ≫ Openjdk Version13.0.2

Oracle ≫ Openjdk Version13.0.3

Oracle ≫ Openjdk Version13.0.4

Oracle ≫ Openjdk Version15

Oracle ≫ Jdk Version1.7.0 Updateupdate271

Oracle ≫ Jdk Version1.8.0 Updateupdate261

Oracle ≫ Jdk Version11.0.8

Oracle ≫ Jdk Version15

Oracle ≫ Jre Version1.7.0 Updateupdate271

Oracle ≫ Jre Version1.8.0 Updateupdate261

Oracle ≫ Jre Version11.0.8

Oracle ≫ Jre Version15

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ 7-mode Transition Tool Version-

Netapp ≫ Active Iq Unified Manager SwPlatformwindows Version >= 7.3

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.60.1

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Web Services Proxy Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Unified Manager Version-

Netapp ≫ Santricity Cloud Connector Version-

Netapp ≫ Santricity Unified Manager Version-

Netapp ≫ Snapmanager Version- Update- SwPlatformoracle

Netapp ≫ Snapmanager Version- Update- SwPlatformsap

Netapp ≫ Solidfire Version-

Netapp ≫ Hci Storage Node Version-

Mcafee ≫ Epolicy Orchestrator Version5.9.0

Mcafee ≫ Epolicy Orchestrator Version5.9.1

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Update-

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_1

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_2

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_3

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_4

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_5

Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_6

Opensuse ≫ Leap Version15.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.372

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
secalert_us@oracle.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

https://www.oracle.com/security-alerts/cpuoct2020.html

Vendor Advisory

https://security.gentoo.org/glsa/202101-19

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20201023-0004/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4779

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14792

EUVD