CVE-2020-14556 — Corporation Java vulnerability

12 documents9 sources

Severity

4.8MEDIUMNVD

EPSS

0.6%

top 31.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp E-series Santricity OS Controller Netapp Storagegrid Oracle Corporation Java +8 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible dat…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages8 packages

▶CVEListV5oracle_corporation/javaJava SE Embedded: 8u251, Java SE: 8u251, 11.0.7, 14.0.1+1

▶NVDoracle/jdk1.8.0, 11.0.7, 14.0.1+2

▶NVDoracle/jre1.8.0, 11.0.7, 14.0.1+2

▶NVDoracle/openjdk14 versions+13

▶NVDnetapp/storagegrid9.0.0 — 9.0.4

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 20.04

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-862j-pwc6-mxj9: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)↗2022-05-24

▶

OSV

openjdk-8 vulnerabilities↗2020-08-05

▶

OSV

openjdk-lts vulnerabilities↗2020-07-23

▶

CVEList

CVE-2020-14556: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)↗2020-07-15

▶

OSV

CVE-2020-14556: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)↗2020-07-15

▶

📋Vendor Advisories

Ubuntu

OpenJDK 8 vulnerabilities↗2020-08-05

▶

Ubuntu

OpenJDK vulnerabilities↗2020-07-23

▶

Oracle

Oracle Oracle Java SE Risk Matrix: Libraries — CVE-2020-14556↗2020-07-15

▶

Red Hat

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)↗2020-07-14

▶

Debian

CVE-2020-14556: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon...↗2020

▶

💬Community

Bugzilla

CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)↗2020-07-14

▶