Versio.io

CVE-2020-14782

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 21-10-2020 05:15
Last modified: - 13-05-2022 04:57
Total changes: - 6

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
High
Attack complexity
Network
Attack vector
None
Availability
None
Confidentiality
Low
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
3.7
Base score
2.2
1.4
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=oracle AND product=jdk AND version=11.0.8
vendor=oracle AND product=jdk AND version=1.7.0 AND update=update271
vendor=oracle AND product=jdk AND version=15
vendor=oracle AND product=jdk AND version=1.8.0 AND update=update261
vendor=oracle AND product=jre AND version=1.8.0 AND update=update261
OR
vendor=Debian AND product=debian_linux AND version=9.0
vendor=Debian AND product=debian_linux AND version=10.0
OR
vendor=netapp AND product=steelstore_cloud_integrated_storage AND version=-
vendor=netapp AND product=oncommand_workflow_automation AND version=-
vendor=netapp AND product=oncommand_insight AND version=-
vendor=netapp AND product=e-series_santricity_web_services_proxy AND version=-
vendor=netapp AND product=e-series_santricity_storage_manager AND version=-
vendor=netapp AND product=active_iq_unified_manager AND target_software=windows AND versionStartIncluding=7.3
vendor=netapp AND product=active_iq_unified_manager AND target_software=vmware_vsphere AND versionStartIncluding=9.5
vendor=netapp AND product=e-series_santricity_os_controller AND versionEndIncluding=11.60.1 AND versionStartIncluding=11.0.0
vendor=netapp AND product=santricity_unified_manager AND version=-
vendor=netapp AND product=e-series_performance_analyzer AND version=-
vendor=netapp AND product=e-series_santricity_management_plug-ins AND version=- AND target_software=vmware_vcenter
OR
vendor=mcafee AND product=epolicy_orchestrator AND version=5.9.0
vendor=mcafee AND product=epolicy_orchestrator AND version=5.9.1
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_1
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_2
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_3
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_4
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_5
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=update_6
vendor=mcafee AND product=epolicy_orchestrator AND version=5.10.0 AND update=-
OR
vendor=opensuse AND product=leap AND version=15.2
 

Reference

 


Keywords

NVD

 

CVE-2020-14782

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.