CVE-2020-14718Corporation Graalvm Enterprise Edition vulnerability

5 documents5 sources
Severity
7.2HIGHNVD
OSV9.8
EPSS
1.3%
top 20.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Fasterxml Jackson-databindOracle Corporation Graalvm Enterprise EditionOracle Graalvm
Timeline
PublishedJul 15
Latest updateMay 24

Description

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). C

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

NVDoracle/graalvm19.3.2, 20.1.0+1
Ubuntufasterxml/jackson-databind< 2.4.2-3ubuntu0.1~esm2

🔴Vulnerability Details

3
GHSA
GHSA-3q43-4596-jvg6: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI)2022-05-24
OSV
jackson-databind vulnerabilities2021-03-15
CVEList
CVE-2020-14718: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI)2020-07-15

📋Vendor Advisories

1
Oracle
Oracle Oracle GraalVM Risk Matrix: JVMCI — CVE-2020-147182020-07-15
CVE-2020-14718 — HIGH severity | cvebase