CVE-2020-14556 : Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published 2020-07-15 18:15:20

Updated 2022-10-27 23:01:18

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2020-14556

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 11.0.7
cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 14.0.1
cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update251
cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For SAP
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Oracle
cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid
Versions from including (>=) 9.0.0 and up to, including, (<=) 9.0.4
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid » Version: N/A
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.70.2
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Web Services » Version: N/A For Web Services Proxy
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » 7-mode Transition Tool » Version: N/A
cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Unified Manager » Version: N/A
cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Performance Analyzer » Version: N/A
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Secure Agent » Version: N/A
cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-14556

Top countries where our scanners detected CVE-2020-14556

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-14556 834

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-14556!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-14556

EPSS FAQ

0.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-14556

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N	2.2	2.5	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N	2.2	2.5	Oracle
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

References for CVE-2020-14556

https://security.gentoo.org/glsa/202209-15

Oracle JDK/JRE: Multiple vulnerabilities (GLSA 202209-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/

[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

[security-announce] openSUSE-SU-2020:1893-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4734

Debian -- Security Information -- DSA-4734-1 openjdk-11
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2020.html

Oracle Critical Patch Update Advisory - July 2020
Patch;Vendor Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202008-24

OpenJDK: Multiple vulnerabilities (GLSA 202008-24) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/

[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/

Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4433-1/

USN-4433-1: OpenJDK vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20200717-0005/

July 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html

[security-announce] openSUSE-SU-2020:1191-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4453-1/

USN-4453-1: OpenJDK 8 vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html

[SECURITY] [DLA 2325-1] openjdk-8 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html

[security-announce] openSUSE-SU-2020:1175-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/

[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.8.10-2.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-14556

Products affected by CVE-2020-14556

Threat overview for CVE-2020-14556

Exploit prediction scoring system (EPSS) score for CVE-2020-14556

CVSS scores for CVE-2020-14556

References for CVE-2020-14556