CVE-2020-2778 — Use of a Broken or Risky Cryptographic Algorithm in Oracle OpenJDK
Severity
3.7 LOW (NVD)
EPSS
0.4%
top 37.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: May 24
Description
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Sta…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4
Affected Packages: 7 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 16.04, 18.04, 19.10
🔴 Vulnerability Details (3)
GHSA
GHSA-g7gj-3cvp-r2pf: Vulnerability in the Java SE product of Oracle Java SE (component: JSSE) (2022-05-24)
OSV
CVEList
📋 Vendor Advisories (4)
Red Hat
Debian
CVE-2020-2778: openjdk-11 - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Suppor... (2020)
💬 Community (1)
Bugzilla
CVE-2020-2778 OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (2020-04-14)