Description
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | Java | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| java-1.8.0-openjdk-1:1.8.0.242.b07-1.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:0157 | 2020-01-21T00:00:00Z |
| java-1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el6_10 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2020:0632 | 2020-02-27T00:00:00Z |
| Red Hat Enterprise Linux 6 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:2236 | 2020-05-20T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el6_10 | cpe:/a:redhat:rhel_extras:6 | RHSA-2020:2239 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| java-11-openjdk-1:11.0.6.10-1.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0122 | 2020-01-16T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0196 | 2020-01-21T00:00:00Z |
| java-1.7.0-openjdk-1:1.7.0.251-2.6.21.0.el7_7 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2020:0541 | 2020-02-19T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.8.0-ibm-1:1.8.0.6.10-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:2237 | 2020-05-20T00:00:00Z |
| java-1.7.1-ibm-1:1.7.1.4.65-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2020:2238 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| java-11-openjdk-1:11.0.6.10-0.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:0128 | 2020-01-16T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el8_1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:0202 | 2020-01-24T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.6.10-1.el8_2 | cpe:/a:redhat:enterprise_linux:8::supplementary | RHSA-2020:2241 | 2020-05-20T00:00:00Z |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | |||
| java-1.8.0-openjdk-1:1.8.0.242.b08-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:0231 | 2020-01-27T00:00:00Z |
| java-11-openjdk-1:11.0.6.10-0.el8_0 | cpe:/a:redhat:rhel_e4s:8.0 | RHSA-2020:0232 | 2020-01-27T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2128-1 | openjdk-7 security update |
 Debian DSA |
DSA-4605-1 | openjdk-11 security update |
| Debian DSA |
DSA-4621-1 | openjdk-8 security update |
 EUVD |
EUVD-2020-22447 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
 Ubuntu USN |
USN-4257-1 | OpenJDK vulnerabilities |
References
History
Tue, 01 Oct 2024 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Subscriptions
Canonical
Subscribe
Ubuntu Linux
Subscribe
Debian
Subscribe
Debian Linux
Subscribe
Mcafee
Subscribe
Epolicy Orchestrator
Subscribe
Netapp
Subscribe
Active Iq Unified Manager
Subscribe
E-series Performance Analyzer
Subscribe
E-series Santricity Management Plug-ins
Subscribe
E-series Santricity Os Controller
Subscribe
E-series Santricity Storage Manager
Subscribe
E-series Santricity Web Services Proxy
Subscribe
Oncommand Insight
Subscribe
Oncommand Workflow Automation
Subscribe
Santricity Unified Manager
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Opensuse
Subscribe
Leap
Subscribe
Oracle
Subscribe
Jdk
Subscribe
Jre
Subscribe
Openjdk
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Enterprise Linux Desktop
Subscribe
Enterprise Linux Eus
Subscribe
Enterprise Linux Server Aus
Subscribe
Enterprise Linux Server Tus
Subscribe
Enterprise Linux Workstation
Subscribe
Rhel E4s
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2024-09-30T15:59:18.682Z
Reserved: 2019-12-10T00:00:00.000Z
Link: CVE-2020-2654
Vulnrichment
Updated: 2024-08-04T07:09:55.025Z
NVD
Status : Modified
Published: 2020-01-15T17:15:24.050
Modified: 2024-11-21T05:25:54.230
Link: CVE-2020-2654
Redhat
OpenCVE Enrichment
No data.
Weaknesses