Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00222.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Oracle Corporation Java affected
Version Status Constraints
Java SE: 7u251, 8u241, 11.0.6, 14 affected
Java SE Embedded: 8u241 affected

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:1506 2020-04-21T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:1508 2020-04-21T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2020:2236 2020-05-20T00:00:00Z
java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 cpe:/a:redhat:rhel_extras:6 RHSA-2020:2239 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 7
java-1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1507 2020-04-21T00:00:00Z
java-11-openjdk-1:11.0.7.10-4.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1509 2020-04-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:1512 2020-04-21T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2020:2237 2020-05-20T00:00:00Z
java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 cpe:/a:redhat:rhel_extras:7 RHSA-2020:2238 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 8
java-11-openjdk-1:11.0.7.10-1.el8_1 cpe:/a:redhat:enterprise_linux:8 RHSA-2020:1514 2020-04-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_1 cpe:/a:redhat:enterprise_linux:8 RHSA-2020:1515 2020-04-22T00:00:00Z
java-1.8.0-ibm-1:1.8.0.6.10-1.el8_2 cpe:/a:redhat:enterprise_linux:8::supplementary RHSA-2020:2241 2020-05-20T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
java-1.8.0-openjdk-1:1.8.0.252.b09-2.el8_0 cpe:/a:redhat:rhel_e4s:8.0 RHSA-2020:1516 2020-04-22T00:00:00Z
java-11-openjdk-1:11.0.7.10-1.el8_0 cpe:/a:redhat:rhel_e4s:8.0 RHSA-2020:1517 2020-04-22T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Canonical Subscribe
Ubuntu Linux Subscribe
Debian Subscribe
Debian Linux Subscribe
Fedoraproject Subscribe
Fedora Subscribe
Mcafee Subscribe
Threat Intelligence Exchange Server Subscribe
Netapp Subscribe
7-mode Transition Tool Subscribe
Active Iq Unified Manager Subscribe
Cloud Backup Subscribe
E-series Performance Analyzer Subscribe
E-series Santricity Os Controller Subscribe
E-series Santricity Web Services Subscribe
Oncommand Insight Subscribe
Oncommand Workflow Automation Subscribe
Plug-in For Symantec Netbackup Subscribe
Santricity Unified Manager Subscribe
Snapmanager Subscribe
Steelstore Cloud Integrated Storage Subscribe
Storagegrid Subscribe
Opensuse Subscribe
Leap Subscribe
Oracle Subscribe
Jdk Subscribe
Jre Subscribe
Openjdk Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Rhel E4s Subscribe
Rhel Extras Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-2193-1 openjdk-7 security update
Debian DSA Debian DSA DSA-4662-1 openjdk-11 security update
EUVD EUVD EUVD-2020-22623 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Ubuntu USN Ubuntu USN USN-4337-1 OpenJDK vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10318 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-2830 cve-icon
https://security.gentoo.org/glsa/202006-22 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20200416-0004/ cve-icon cve-icon
https://usn.ubuntu.com/4337-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-2830 cve-icon
https://www.debian.org/security/2020/dsa-4662 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
History

Fri, 27 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-09-27T19:06:46.444Z

Reserved: 2019-12-10T00:00:00

Link: CVE-2020-2830

cve-icon Vulnrichment

Updated: 2024-08-04T07:17:02.823Z

cve-icon NVD

Status : Modified

Published: 2020-04-15T14:15:29.950

Modified: 2024-11-21T05:26:23.537

Link: CVE-2020-2830

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-14T00:00:00Z

Links: CVE-2020-2830 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses