CVE-2020-14803
Summary
| CVE | CVE-2020-14803 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-21 15:15:00 UTC |
| Updated | 2021-02-24 21:42:00 UTC |
| Description | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Netapp | 7-mode Transition Tool | - | All | All | All |
| Application | Netapp | 7-mode Transition Tool | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Application | Netapp | E-series Santricity Storage Manager | - | All | All | All |
| Application | Netapp | E-series Santricity Storage Manager | - | All | All | All |
| Application | Netapp | E-series Santricity Web Services Proxy | - | All | All | All |
| Application | Netapp | E-series Santricity Web Services Proxy | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Unified Manager | - | All | All | All |
| Application | Netapp | Oncommand Unified Manager | - | All | All | All |
| Application | Netapp | Santricity Cloud Connector | - | All | All | All |
| Application | Netapp | Santricity Cloud Connector | - | All | All | All |
| Application | Netapp | Santricity Unified Manager | - | All | All | All |
| Application | Netapp | Santricity Unified Manager | - | All | All | All |
| Application | Netapp | Snapmanager | - | - | All | All |
| Application | Netapp | Snapmanager | - | - | All | All |
| Application | Netapp | Snapmanager | - | - | All | All |
| Application | Netapp | Snapmanager | - | - | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Application | Oracle | Graalvm | 19.3.3 | All | All | All |
| Application | Oracle | Graalvm | 19.3.4 | All | All | All |
| Application | Oracle | Graalvm | 20.2.0 | All | All | All |
| Application | Oracle | Graalvm | 20.3.0 | All | All | All |
| Application | Oracle | Graalvm | 19.3.3 | All | All | All |
| Application | Oracle | Graalvm | 19.3.4 | All | All | All |
| Application | Oracle | Graalvm | 20.2.0 | All | All | All |
| Application | Oracle | Graalvm | 20.3.0 | All | All | All |
| Application | Oracle | Jdk | 11.0.8 | All | All | All |
| Application | Oracle | Jdk | 15.0 | All | All | All |
| Application | Oracle | Jdk | 7.0 | update_281 | All | All |
| Application | Oracle | Jdk | 8.0 | update_271 | All | All |
| Application | Oracle | Jdk | 11.0.8 | All | All | All |
| Application | Oracle | Jdk | 15.0 | All | All | All |
| Application | Oracle | Jdk | 7.0 | update_281 | All | All |
| Application | Oracle | Jdk | 8.0 | update_271 | All | All |
| Application | Oracle | Jre | 11.0.8 | All | All | All |
| Application | Oracle | Jre | 15.0 | All | All | All |
| Application | Oracle | Jre | 7.0 | update_281 | All | All |
| Application | Oracle | Jre | 8.0 | update_271 | All | All |
| Application | Oracle | Jre | 11.0.8 | All | All | All |
| Application | Oracle | Jre | 15.0 | All | All | All |
| Application | Oracle | Jre | 7.0 | update_281 | All | All |
| Application | Oracle | Jre | 8.0 | update_271 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-4779-1 openjdk-11 | DEBIAN | www.debian.org | Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | Patch, Vendor Advisory |
| [SECURITY] [DLA 2412-1] openjdk-8 security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| OpenJDK: Multiple vulnerabilities (GLSA 202101-19) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1893-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2021 | MISC | www.oracle.com | Third Party Advisory |
| October 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 330080 IBM AIX Java Multiple Vulnerabilities (java_mar2021_advisory)
- 375285 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-1310)
- 375367 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-1198)
- 375466 IBM CICS Transaction Gateway Multiple Vulnerabilities
- 375815 Azul Java Multiple Vulnerabilities Security Update October2020
- 375983 Amazon Corretto Critical Patch Update (OCT2020)
- 377238 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX2-SA-2020:0172)
- 377467 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX2-SA-2020:0174)
- 501104 Alpine Linux Security Update for openjdk8
- 501206 Alpine Linux Security Update for openjdk11
- 501214 Alpine Linux Security Update for openjdk7
- 501651 Alpine Linux Security Update for openjdk7
- 670347 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-1877)
- 730118 Dell Unisphere for PowerMax Security Update for Multiple Third-Party Component Vulnerabilities
- 730119 Dell Solutions Enabler Security Update for Multiple Third-Party Component Vulnerabilities
- 750334 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:0374-1)
- 750542 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2020:2083-1)
- 750556 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2020:2048-1)
- 750579 OpenSUSE Security Update for java-11-openjdk (openSUSE-SU-2020:1994-1)
- 750585 OpenSUSE Security Update for java-11-openjdk (openSUSE-SU-2020:1984-1)