CVE-2020-14621

Summary

CVE	CVE-2020-14621
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-07-15 18:15:00 UTC
Updated	2023-11-07 03:17:00 UTC
Description	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	-	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_1	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_2	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_3	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_4	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_5	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_6	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_7	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_8	All	All
Application	Mcafee	Epolicy Orchestrator	5.9.0	All	All	All
Application	Mcafee	Epolicy Orchestrator	5.9.1	All	All	All
Application	Netapp	7-mode Transition Tool	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Cloud Secure Agent	-	All	All	All
Application	Netapp	E-series Performance Analyzer	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	E-series Santricity Storage Manager	-	All	All	All
Application	Netapp	E-series Santricity Web Services	-	All	All	All
Application	Netapp	Oncommand Insight	-	All	All	All
Application	Netapp	Oncommand Unified Manager Core Package	-	All	All	All
Application	Netapp	Oncommand Workflow Automation	-	All	All	All
Application	Netapp	Plug-in For Symantec Netbackup	-	All	All	All
Application	Netapp	Santricity Unified Manager	-	All	All	All
Application	Netapp	Snapmanager	-	All	All	All
Application	Netapp	Snapmanager	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.2	All	All	All
Application	Oracle	Jdk	1.7.0	update261	All	All
Application	Oracle	Jdk	1.7.0	update_261	All	All
Application	Oracle	Jdk	1.8.0	update251	All	All
Application	Oracle	Jdk	1.8.0	update_251	All	All
Application	Oracle	Jdk	11.0.7	All	All	All
Application	Oracle	Jdk	14.0.1	All	All	All
Application	Oracle	Jdk	1.7.0	update_261	All	All
Application	Oracle	Jdk	1.8.0	update_251	All	All
Application	Oracle	Jdk	11.0.7	All	All	All
Application	Oracle	Jdk	14.0.1	All	All	All
Application	Oracle	Jre	1.8.0	update251	All	All
Application	Oracle	Jre	1.8.0	update_251	All	All
Application	Oracle	Jre	1.8.0	update_251	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.8.10-2.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle JDK/JRE: Multiple vulnerabilities (GLSA 202209-15) — Gentoo security	GENTOO	security.gentoo.org
Oracle Critical Patch Update Advisory - July 2020	MISC	www.oracle.com	Vendor Advisory
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Pony Mail!	MLIST	lists.apache.org
USN-4433-1: OpenJDK vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
[security-announce] openSUSE-SU-2020:1175-1: important: Security update	SUSE	lists.opensuse.org
Pony Mail!		lists.apache.org
OpenJDK: Multiple vulnerabilities (GLSA 202008-24) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.8.10-2.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[security-announce] openSUSE-SU-2020:1191-1: important: Security update	SUSE	lists.opensuse.org
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.8.10-2.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[security-announce] openSUSE-SU-2020:1893-1: important: Security update	SUSE	lists.opensuse.org
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 2325-1] openjdk-8 security update	MLIST	lists.debian.org
[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.8.10-2.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Debian -- Security Information -- DSA-4734-1 openjdk-11	DEBIAN	www.debian.org
McAfee Security Bulletin - ePolicy Orchestrator update addresses multiple vulnerabilities (CVE-2020-7317, CVE-2020-7318, CVE-2020-13935, CVE-2020-9484, CVE-2020-14621, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2764, CVE-2020-2773)	CONFIRM	kc.mcafee.com
July 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
USN-4453-1: OpenJDK 8 vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

375601 IBM WebSphere Application Server Multiple Vulnerabilities(6256732)
375626 IBM Cognos Analytics Multiple Vulnerabilities (6451705)
375813 Azul Java Multiple Vulnerabilities Security Update July 2020
375982 Amazon Corretto Critical Patch Update (JUL2020)
377034 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX2-SA-2020:0106)
377185 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX2-SA-2020:0107)
501104 Alpine Linux Security Update for openjdk8
501205 Alpine Linux Security Update for openjdk11
501214 Alpine Linux Security Update for openjdk7
501649 Alpine Linux Security Update for openjdk7
670347 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-1877)
750542 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2020:2083-1)
750556 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2020:2048-1)