CVE-2020-14664Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Java

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources
Severity
8.3HIGHNVD
EPSS
1.1%
top 22.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netapp E-series Santricity OS ControllerNetapp StoragegridOracle Corporation Java+3 more
Timeline
PublishedJul 15
Latest updateMay 24

Description

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result i

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages6 packages

CVEListV5oracle_corporation/javaJava SE: 8u251
NVDoracle/jdk1.8.0
NVDoracle/jre1.8.0
NVDnetapp/storagegrid9.0.09.0.4

🔴Vulnerability Details

3
GHSA
GHSA-cfp9-cx5p-7jfp: Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX)2022-05-24
CVEList
CVE-2020-14664: Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX)2020-07-15
OSV
CVE-2020-14664: Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX)2020-07-15

📋Vendor Advisories

3
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX — CVE-2020-146642020-07-15
Red Hat
JavaFX: Out-of-bounds write in HTML Rendering2020-07-14
Debian
CVE-2020-14664: openjfx - Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The ...2020

💬Community

1
Bugzilla
CVE-2020-14664 JavaFX: Out-of-bounds write in HTML Rendering2020-08-04
CVE-2020-14664 — Oracle Corporation Java vulnerability | cvebase