Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | Java | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| java-1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:0157 | 2020-01-21T00:00:00Z |
| java-1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:0632 | 2020-02-27T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:3387 | 2020-08-10T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| java-11-openjdk-1:11.0.6.10-1.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0122 | 2020-01-16T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0196 | 2020-01-21T00:00:00Z |
| java-1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0541 | 2020-02-19T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:3388 | 2020-08-10T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:5585 | 2020-12-16T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| java-11-openjdk-1:11.0.6.10-0.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:0128 | 2020-01-16T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:0202 | 2020-01-24T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2 | cpe:/a:redhat:enterprise_linux:8::supplementary | RHSA-2020:3386 | 2020-08-10T00:00:00Z |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | |||
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:0231 | 2020-01-27T00:00:00Z |
| java-11-openjdk-1:11.0.6.10-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:0232 | 2020-01-27T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2128-1 | openjdk-7 security update |
 Debian DSA |
DSA-4605-1 | openjdk-11 security update |
| Debian DSA |
DSA-4621-1 | openjdk-8 security update |
 EUVD |
EUVD-2020-22394 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). |
 Ubuntu USN |
USN-4257-1 | OpenJDK vulnerabilities |
References
History
Mon, 30 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Subscriptions
Canonical
Subscribe
Ubuntu Linux
Subscribe
Debian
Subscribe
Debian Linux
Subscribe
Netapp
Subscribe
Active Iq Unified Manager
Subscribe
E-series Performance Analyzer
Subscribe
E-series Santricity Management
Subscribe
E-series Santricity Os Controller
Subscribe
E-series Santricity Storage Manager
Subscribe
E-series Santricity Web Services
Subscribe
Oncommand Insight
Subscribe
Oncommand Workflow Automation
Subscribe
Santricity Unified Manager
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Opensuse
Subscribe
Leap
Subscribe
Oracle
Subscribe
Jdk
Subscribe
Jre
Subscribe
Openjdk
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Enterprise Linux Desktop
Subscribe
Enterprise Linux Eus
Subscribe
Enterprise Linux Server
Subscribe
Enterprise Linux Server Aus
Subscribe
Enterprise Linux Server Tus
Subscribe
Enterprise Linux Workstation
Subscribe
Rhel E4s
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2024-09-30T16:22:28.344Z
Reserved: 2019-12-10T00:00:00.000Z
Link: CVE-2020-2601
Vulnrichment
Updated: 2024-08-04T07:09:54.842Z
NVD
Status : Modified
Published: 2020-01-15T17:15:20.300
Modified: 2024-11-21T05:25:41.657
Link: CVE-2020-2601
Redhat
OpenCVE Enrichment
No data.
Weaknesses