4.3

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Data is provided by the National Vulnerability Database (NVD)
OracleJdk Version1.7.0 Updateupdate251
OracleJdk Version1.8.0 Updateupdate241
OracleJdk Version11.0.6
OracleJdk Version14.0.0
OracleJre Version1.7.0 Updateupdate251
OracleJre Version1.8.0 Updateupdate241
OracleJre Version11.0.6
OracleJre Version14.0.0
OracleOpenjdk Version >= 11 <= 11.0.6
OracleOpenjdk Version >= 13 <= 13.0.2
OracleOpenjdk Version7 Update-
OracleOpenjdk Version7 Updateupdate1
OracleOpenjdk Version7 Updateupdate10
OracleOpenjdk Version7 Updateupdate101
OracleOpenjdk Version7 Updateupdate11
OracleOpenjdk Version7 Updateupdate111
OracleOpenjdk Version7 Updateupdate121
OracleOpenjdk Version7 Updateupdate13
OracleOpenjdk Version7 Updateupdate131
OracleOpenjdk Version7 Updateupdate141
OracleOpenjdk Version7 Updateupdate15
OracleOpenjdk Version7 Updateupdate151
OracleOpenjdk Version7 Updateupdate161
OracleOpenjdk Version7 Updateupdate17
OracleOpenjdk Version7 Updateupdate171
OracleOpenjdk Version7 Updateupdate181
OracleOpenjdk Version7 Updateupdate191
OracleOpenjdk Version7 Updateupdate2
OracleOpenjdk Version7 Updateupdate201
OracleOpenjdk Version7 Updateupdate21
OracleOpenjdk Version7 Updateupdate211
OracleOpenjdk Version7 Updateupdate221
OracleOpenjdk Version7 Updateupdate231
OracleOpenjdk Version7 Updateupdate241
OracleOpenjdk Version7 Updateupdate25
OracleOpenjdk Version7 Updateupdate251
OracleOpenjdk Version7 Updateupdate3
OracleOpenjdk Version7 Updateupdate4
OracleOpenjdk Version7 Updateupdate40
OracleOpenjdk Version7 Updateupdate45
OracleOpenjdk Version7 Updateupdate5
OracleOpenjdk Version7 Updateupdate51
OracleOpenjdk Version7 Updateupdate55
OracleOpenjdk Version7 Updateupdate6
OracleOpenjdk Version7 Updateupdate60
OracleOpenjdk Version7 Updateupdate65
OracleOpenjdk Version7 Updateupdate67
OracleOpenjdk Version7 Updateupdate7
OracleOpenjdk Version7 Updateupdate72
OracleOpenjdk Version7 Updateupdate76
OracleOpenjdk Version7 Updateupdate80
OracleOpenjdk Version7 Updateupdate85
OracleOpenjdk Version7 Updateupdate9
OracleOpenjdk Version7 Updateupdate91
OracleOpenjdk Version7 Updateupdate95
OracleOpenjdk Version7 Updateupdate97
OracleOpenjdk Version7 Updateupdate99
OracleOpenjdk Version8 Update-
OracleOpenjdk Version8 Updateupdate101
OracleOpenjdk Version8 Updateupdate102
OracleOpenjdk Version8 Updateupdate11
OracleOpenjdk Version8 Updateupdate111
OracleOpenjdk Version8 Updateupdate112
OracleOpenjdk Version8 Updateupdate121
OracleOpenjdk Version8 Updateupdate131
OracleOpenjdk Version8 Updateupdate141
OracleOpenjdk Version8 Updateupdate151
OracleOpenjdk Version8 Updateupdate152
OracleOpenjdk Version8 Updateupdate161
OracleOpenjdk Version8 Updateupdate162
OracleOpenjdk Version8 Updateupdate171
OracleOpenjdk Version8 Updateupdate172
OracleOpenjdk Version8 Updateupdate181
OracleOpenjdk Version8 Updateupdate191
OracleOpenjdk Version8 Updateupdate192
OracleOpenjdk Version8 Updateupdate20
OracleOpenjdk Version8 Updateupdate201
OracleOpenjdk Version8 Updateupdate202
OracleOpenjdk Version8 Updateupdate211
OracleOpenjdk Version8 Updateupdate212
OracleOpenjdk Version8 Updateupdate221
OracleOpenjdk Version8 Updateupdate231
OracleOpenjdk Version8 Updateupdate241
OracleOpenjdk Version8 Updateupdate25
OracleOpenjdk Version8 Updateupdate31
OracleOpenjdk Version8 Updateupdate40
OracleOpenjdk Version8 Updateupdate45
OracleOpenjdk Version8 Updateupdate5
OracleOpenjdk Version8 Updateupdate51
OracleOpenjdk Version8 Updateupdate60
OracleOpenjdk Version8 Updateupdate65
OracleOpenjdk Version8 Updateupdate66
OracleOpenjdk Version8 Updateupdate71
OracleOpenjdk Version8 Updateupdate72
OracleOpenjdk Version8 Updateupdate73
OracleOpenjdk Version8 Updateupdate74
OracleOpenjdk Version8 Updateupdate77
OracleOpenjdk Version8 Updateupdate91
OracleOpenjdk Version8 Updateupdate92
OracleOpenjdk Version14
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvsphere Version >= 9.5
NetappCloud Backup Version-
NetappCloud Secure Agent Version-
NetappE-series Santricity Os Controller Version >= 11.0.0 <= 11.70.2
NetappE-series Santricity Web Services Version- SwPlatformweb_services_proxy
NetappOncommand Insight Version-
NetappSnapmanager Version- SwPlatformsap
NetappSnapmanager Version- Update- SwPlatformoracle
NetappStoragegrid Version >= 9.0.0 <= 9.0.4
NetappStoragegrid Version-
FedoraprojectFedora Version30
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
OpensuseLeap Version15.1
OpensuseLeap Version15.2
McafeeEpolicy Orchestrator Version >= 5.9.0 < 5.10.0
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_1
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_2
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_3
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_4
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_5
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_6
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_7
McafeeEpolicy Orchestrator Version5.10.0 Updateupdate_8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.26% 0.495
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert_us@oracle.com 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://usn.ubuntu.com/4337-1/
Third Party Advisory