4.3

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJdk Version1.7.0 Updateupdate241
OracleJdk Version1.8.0 Updateupdate231
OracleJdk Version11.0.5
OracleJdk Version13.0.1
OracleJre Version1.7.0 Updateupdate_241
OracleJre Version1.8.0 Updateupdate_231
OracleJre Version11.0.5
OracleJre Version13.0.1
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version7.7
RedhatEnterprise Linux Eus Version8.1
OracleOpenjdk Version7 Update-
OracleOpenjdk Version7 Updateupdate241
OracleOpenjdk Version7 Updateupdate80
OracleOpenjdk Version7 Updateupdate85
OracleOpenjdk Version8 Update-
OracleOpenjdk Version8 Updateupdate102
OracleOpenjdk Version8 Updateupdate112
OracleOpenjdk Version8 Updateupdate152
OracleOpenjdk Version8 Updateupdate162
OracleOpenjdk Version8 Updateupdate172
OracleOpenjdk Version8 Updateupdate192
OracleOpenjdk Version8 Updateupdate20
OracleOpenjdk Version8 Updateupdate202
OracleOpenjdk Version8 Updateupdate212
OracleOpenjdk Version8 Updateupdate222
OracleOpenjdk Version8 Updateupdate232
OracleOpenjdk Version8 Updateupdate40
OracleOpenjdk Version8 Updateupdate60
OracleOpenjdk Version8 Updateupdate66
OracleOpenjdk Version8 Updateupdate72
OracleOpenjdk Version8 Updateupdate92
OracleOpenjdk Version11
OracleOpenjdk Version11.0.1
OracleOpenjdk Version11.0.2
OracleOpenjdk Version11.0.3
OracleOpenjdk Version11.0.4
OracleOpenjdk Version11.0.5
OracleOpenjdk Version13
OracleOpenjdk Version13.0.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappE-series Santricity Management Plug-ins Version- SwPlatformvmware_vcenter
NetappE-series Santricity Os Controller Version >= 11.0.0 <= 11.60.1
NetappOncommand Insight Version-
McafeeEpolicy Orchestrator Version5.9.0
McafeeEpolicy Orchestrator Version5.9.1
McafeeEpolicy Orchestrator Version5.10.0 Update-
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_1
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_2
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_3
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_4
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_5
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_6
OpensuseLeap Version15.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.462
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert_us@oracle.com 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
https://seclists.org/bugtraq/2020/Feb/22
Third Party Advisory
Mailing List
Issue Tracking
https://seclists.org/bugtraq/2020/Jan/24
Third Party Advisory
Mailing List
Issue Tracking
https://usn.ubuntu.com/4257-1/
Third Party Advisory