Description
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Published: 2020-04-15
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-4662-1 openjdk-11 security update
EUVD EUVD EUVD-2020-22571 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Ubuntu USN Ubuntu USN USN-4337-1 OpenJDK vulnerabilities
History

Mon, 30 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Canonical Ubuntu Linux
Debian Debian Linux
Netapp 7-mode Transition Tool Active Iq Unified Manager Cloud Backup Cloud Secure Agent E-series Performance Analyzer E-series Santricity Os Controller E-series Santricity Web Services Oncommand Insight Oncommand Workflow Automation Plug-in For Symantec Netbackup Santricity Unified Manager Snapmanager Steelstore Cloud Integrated Storage Storagegrid
Opensuse Leap
Oracle Jdk Jre Openjdk
Redhat Enterprise Linux Rhel E4s
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-09-30T15:38:23.112Z

Reserved: 2019-12-10T00:00:00.000Z

Link: CVE-2020-2778

cve-icon Vulnrichment

Updated: 2024-08-04T07:17:02.621Z

cve-icon NVD

Status : Modified

Published: 2020-04-15T14:15:26.843

Modified: 2024-11-21T05:26:14.757

Link: CVE-2020-2778

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-14T00:00:00Z

Links: CVE-2020-2778 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses