CVE-2020-2816 — Improperly Implemented Security Check for Standard in Oracle Openjdk
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedApr 15
Latest updateMay 24
Description
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the spec…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages8 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 16.04, 18.04, 19.10
🔴Vulnerability Details
3GHSA▶
GHSA-wq43-mwf7-pm7c: Vulnerability in the Java SE product of Oracle Java SE (component: JSSE)↗2022-05-24
OSV
▶
CVEList
▶
📋Vendor Advisories
4Red Hat
▶
Debian▶
CVE-2020-2816: openjdk-11 - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Suppor...↗2020
💬Community
1Bugzilla▶
CVE-2020-2816 OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)↗2020-04-14