Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | Java | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| java-1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:1506 | 2020-04-21T00:00:00Z |
| java-1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:1508 | 2020-04-21T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:2236 | 2020-05-20T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:2239 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| java-1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:1507 | 2020-04-21T00:00:00Z |
| java-11-openjdk-1:11.0.7.10-4.el7_8 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:1509 | 2020-04-21T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:1512 | 2020-04-21T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:2237 | 2020-05-20T00:00:00Z |
| java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:2238 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| java-11-openjdk-1:11.0.7.10-1.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:1514 | 2020-04-21T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:1515 | 2020-04-22T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.10-1.el8_2 | cpe:/a:redhat:enterprise_linux:8::supplementary | RHSA-2020:2241 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | |||
| java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:1516 | 2020-04-22T00:00:00Z |
| java-11-openjdk-1:11.0.7.10-1.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:1517 | 2020-04-22T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2193-1 | openjdk-7 security update |
 Debian DSA |
DSA-4662-1 | openjdk-11 security update |
 EUVD |
EUVD-2020-22623 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
 Ubuntu USN |
USN-4337-1 | OpenJDK vulnerabilities |
References
History
Fri, 27 Sep 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Subscriptions
Canonical
Subscribe
Ubuntu Linux
Subscribe
Debian
Subscribe
Debian Linux
Subscribe
Fedoraproject
Subscribe
Fedora
Subscribe
Mcafee
Subscribe
Threat Intelligence Exchange Server
Subscribe
Netapp
Subscribe
7-mode Transition Tool
Subscribe
Active Iq Unified Manager
Subscribe
Cloud Backup
Subscribe
E-series Performance Analyzer
Subscribe
E-series Santricity Os Controller
Subscribe
E-series Santricity Web Services
Subscribe
Oncommand Insight
Subscribe
Oncommand Workflow Automation
Subscribe
Plug-in For Symantec Netbackup
Subscribe
Santricity Unified Manager
Subscribe
Snapmanager
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Storagegrid
Subscribe
Opensuse
Subscribe
Leap
Subscribe
Oracle
Subscribe
Jdk
Subscribe
Jre
Subscribe
Openjdk
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Rhel E4s
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2024-09-27T19:06:46.444Z
Reserved: 2019-12-10T00:00:00.000Z
Link: CVE-2020-2830
Vulnrichment
Updated: 2024-08-04T07:17:02.823Z
NVD
Status : Modified
Published: 2020-04-15T14:15:29.950
Modified: 2024-11-21T05:26:23.537
Link: CVE-2020-2830
Redhat
OpenCVE Enrichment
No data.
Weaknesses