Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | Java | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| java-1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:2985 | 2020-07-16T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:3387 | 2020-08-10T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| java-1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:2968 | 2020-07-16T00:00:00Z |
| java-11-openjdk-1:11.0.8.10-0.el7_8 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:2969 | 2020-07-16T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:3388 | 2020-08-10T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:5585 | 2020-12-16T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| java-11-openjdk-1:11.0.8.10-0.el8_2 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:2970 | 2020-07-16T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:2972 | 2020-07-16T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2 | cpe:/a:redhat:enterprise_linux:8::supplementary | RHSA-2020:3386 | 2020-08-10T00:00:00Z |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | |||
| java-11-openjdk-1:11.0.8.10-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:3098 | 2020-07-22T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:3100 | 2020-07-22T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Extended Update Support | |||
| java-11-openjdk-1:11.0.8.10-0.el8_1 | cpe:/a:redhat:rhel_eus:8.1 | RHSA-2020:3099 | 2020-07-22T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1 | cpe:/a:redhat:rhel_eus:8.1 | RHSA-2020:3101 | 2020-07-22T00:00:00Z |
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Canonical
Subscribe
|
Ubuntu Linux
Subscribe
|
|
Debian
Subscribe
|
Debian Linux
Subscribe
|
|
Fedoraproject
Subscribe
|
Fedora
Subscribe
|
|
Netapp
Subscribe
|
7-mode Transition Tool
Subscribe
Active Iq Unified Manager
Subscribe
Cloud Backup
Subscribe
Cloud Secure Agent
Subscribe
E-series Performance Analyzer
Subscribe
E-series Santricity Os Controller
Subscribe
E-series Santricity Web Services
Subscribe
Oncommand Insight
Subscribe
Oncommand Workflow Automation
Subscribe
Santricity Unified Manager
Subscribe
Snapmanager
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Storagegrid
Subscribe
|
|
Opensuse
Subscribe
|
Leap
Subscribe
|
|
Oracle
Subscribe
|
|
|
Redhat
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2325-1 | openjdk-8 security update |
 Debian DSA |
DSA-4734-1 | openjdk-11 security update |
 EUVD |
EUVD-2020-6719 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
 Ubuntu USN |
USN-4433-1 | OpenJDK vulnerabilities |
| Ubuntu USN |
USN-4453-1 | OpenJDK 8 vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 27 May 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Oracle openjdk
|
|
| CPEs | cpe:2.3:a:oracle:jre:1.7.0:update261:*:*:*:*:*:* cpe:2.3:a:oracle:jre:11.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:14.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:* |
|
| Vendors & Products |
Oracle openjdk
|
Fri, 27 Sep 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2024-09-27T18:37:10.873Z
Reserved: 2020-06-19T00:00:00
Link: CVE-2020-14583
Vulnrichment
Updated: 2024-08-04T12:53:41.875Z
NVD
Status : Analyzed
Published: 2020-07-15T18:15:24.240
Modified: 2025-05-27T16:28:16.097
Link: CVE-2020-14583
Redhat
OpenCVE Enrichment
No data.
Weaknesses