CVE-2020-14796

10 documents9 sources
Severity
3.1LOW
EPSS
0.1%
top 67.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Netapp E-series Santricity OS ControllerOracle Corporation Java SE JDK AND JREDebian Debian Linux+5 more
Timeline
PublishedOct 21
Latest updateMay 24

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthori

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages8 packages

NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
NVDoracle/openjdk17 versions+16
Debianopenjdk-11< 11.0.9+11-1

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-xvc4-7pr5-9qg4: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2022-05-24
CVEList
CVE-2020-14796: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2020-10-21
OSV
CVE-2020-14796: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2020-10-21

📋Vendor Advisories

5
Ubuntu
OpenJDK regressions2020-11-12
Ubuntu
OpenJDK vulnerabilities2020-10-27
Red Hat
OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)2020-10-20
Oracle
Oracle Oracle Java SE Risk Matrix: Libraries — CVE-2020-147962020-10-15
Debian
CVE-2020-14796: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon...2020

💬Community

1
Bugzilla
CVE-2020-14796 OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)2020-10-20
CVE-2020-14796 (LOW CVSS 3.1) | Vulnerability in the Java SE | cvebase.io